The larger team I work in is about to release a new ecommerce website that allows the secure storage and usage of personal and corporate credit cards. As far as system components go, the payment card info. is stored securely in Oracle and the DB itself is in the private network behind a special PCI-related firewall. Still, this application comes under PCI compliance regulations. What is required as far as the timings on when the initial scan is required with this application - is it needed before go-live, or some time after i.e. "90 days"? I don't think the team here is considering security testing in their final efforts.
Software/Hardware used: IBM Portal, IBM Commerce, Oracle Database, Sun hardware
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!