Securus Global has tested and supports many products that organisations can use to manage and simplify their PCI DSS compliance and reporting requirements. Our consultants are not salespeople who don’t understand the product. We have evaluated strengths and weaknesses and have assisted many organisations to ensure that the deployment will work with their overall strategy, programs and existing processes.
Not every solution is right for every customer, and there is no one magical solution to PCI compliance. Depending on your environment, budget, and technical, procedural and people constraints, one might be a better fit than another.
Securus Global can assist with solutions in the following compliance requirements:
- Identification of Credit Card Numbers hidden in systems and databases
- Vulnerability Assessment and Management
- Web Application Scanners
- Web Application Firewalls
- Log Management and File Integrity monitoring
Contact us for more information on products and solutions that can support these requirements, and for assistance with evaluations.
Identifying Stored Card and Cardholder data
One of the most fundamental principles of the PCI DSS is its restriction on storing card and cardholder data. There are many tools on the market that are used to scan for card data. As a PCI DSS QSA, when we audit systems for card data we often uncover numerous instances of records containing card data on servers and workstations. This is information that you do not need when you are trying to complete the audit in a short window of time. Maintaining a solution that is used by QSAs provides better assurance that you will not be receiving unwanted information when you least need it.
Vulnerability Assessment and Management
PCI DSS requires businesses to perform a network security scan every 90 days on all Internet-facing networks and systems. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan.
Securus Global has tested and supports several options for Vulnerability Management that provide functionality to simplify this task and provide you with the information to identify and quickly eliminate vulnerabilities that will cause problems with PCI DSS Compliance.
Maintaining Secure Web Applications
PCI DSS Requirements 6.6 and 11.2 require that organisations maintain secure web applications.
Web Application Scanners and Firewalls, when used and configured correctly, can assist organisations to maintain secure web applications as part of an overall testing and assurance strategy, and can reduce some of the ongoing overheads associated with security testing on a continuing basis.
Log Management and File Integrity Monitoring
PCI DSS Requirement 10.2 requires organisations to maintain, retain and protect sufficiently detailed audit logs and to monitor changes to critical files. While it is not critical to support these functions, Log Management and File Integrity Monitoring programs, if correctly configured and used, can be a sound management decision that can certainly reduce the overhead and stress of pure compliance on operational teams, enabling them to get on with business.