- Which networks and apps do I have to perform a penetration test on?
- Is VLANing ok in lieu of a firewall?
- Is satellite connectivity considered to be a public network?
- I have 100,000 backup tapes – do they need to be labeled?
These are all perfectly reasonable questions. We come across them daily. Having performed hundreds of PCI assessments as former Qualified Security Assessors for the Payment Card Industry, we have seen a vast array of cardholder data environments, responded to countless incidents, and provided unique solutions to challenging and complex compliance and security issues. Undergoing a PCI audit can be a daunting, confusing process for merchants and other entities that handle cardholder data. The requirements, while prescriptive, are highly interpretable, and often times organizations do not have the resources to devote to a compliance program. Critical Assets can help you separate the fact from fiction and drive your compliance program in the correct direction by:
- Managing your PCI compliance program in a manner consistent with your objectives, freeing you and your team to get back to core business functions.
- Performing a PCI gap analysis – designed to identify areas of non-compliance, or partial compliance.
- Recommending solutions to areas of non-compliance utilizing configuration changes to existing infrastructure and policy updates where possible.
- Recommending and integrating the right combination of open-source and commercial product implementations where applicable.
- Preparing for and engaging in an “audit defense” strategy once the proper controls are in-place.
Making informed decisions about how to address both common and unique PCI compliance issues is critical to keeping your data safe and staying away from hefty bank and brand fines. Critical assets has worked with every type of organization in the payment chain, including:
- Level 1, 2, and 3 merchants in brick & mortar / ecommerce environments.
- Level 1 and level 2 processing service providers.
- Issuing and acquiring banks.
- Independent Sales Organizations (ISOs).