Payment Card Industry (PCI) Security Solutions
Due to the growing problem of credit card fraud and identity theft, the five major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) united to support a new independent body, known as the Payment Card Industry Security Standards Council (PCI SSC), to strengthen security controls among their members.
Together they developed the Payment Card Industry Data Security Standard (PCI DSS), and all have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs.
Foundstone Helps with PCI
Foundstone Professional Services offers various services to help organizations become compliant with PCI DSS – from staff augmentation, to PCI quarterly scans, to source code review and application and network assessments. As a Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and PA-DSS QSA, Foundstone can help you become PCI compliant. The following are services related to PCI compliance. Download the Solution Matrix for details on what requirements each service satisfies.
- Quarterly PCI Scans
- Foundstone's unparalleled expertise and experience in network security enable us to comprehensively identify and clearly articulate security exposures. As an ASV, Foundstone has successfully met all PCI Security Standards Council requirements to perform PCI data security scanning.
- PCI Audit
- As a QSA, Foundstone will provide a gap analysis of the current state of your networks, systems, policies, and procedures as compared to the PCI DSS. The analysis will identify areas that need to be resolved to achieve PCI compliance and recommendations for resolving those issues.
- Application Penetration Assessment
- Looks at an application from the perspective of a malicious hacker and finds the holes before they can be disclosed publicly and exploited.
- Building Secure Software Course
- Satisfies Requirement 6.5 by teaching attendees the process and concepts of building secure software including how to define and design secure software solutions, select the appropriate techniques and technologies and understand the underlying mechanisms.
- Host Security Configuration Assessment
- Evaluates the security of your company’s critical servers by analyzing the operating system and application-level security issues of your company’s operating environments.
- Incident Response Program Development
- Provides guidance in building your Incident Response (IR) Program. Foundstone’s planning approach is cross-functional and inclusive of all stakeholders. You will be assured your plan is relevant to your organization because the plan is custom for you.
- JumpStart Security Code Review
- Performs a targeted assessment that augments automated code analysis with manual review to help improve the security of your application and meet PCI requirements.
- Network Architecture Assessment
- Assesses the security architecture of the infrastructure and evaluates the current design structure of various security control mechanisms in place to determine their effectiveness and alignment with security goals.
- Secure Application and Software Development Lifecycle (SSDLC)
- Measures the maturity of your application security efforts and helps determine next steps by evaluating your SSDLC against a baseline of seven best practice areas.
- Network Penetration Assessment
- Identifies and tests potential points of attack after enumerating every live host, open port, and available service. Then identifies all vulnerabilities and focuses on areas where a compromise would have the greatest impact and risk to your business.
- Policy Assessment and Development
- Helps develop and implement strategic security programs. Policies are customized to meet security objectives and PCI regulatory requirements.
- Process Assessment and Development
- Helps develop effective security processes, so that your company can maintain a solid security posture over time.
- Product and Application Security Assessment
- Evaluates payment processing applications and products to meet the PCI requirements of protecting cardholder data in transmission and at rest.
- Security Governance Review
- Evaluates the organizational structure and management processes of an Information Security program, identifies gaps and provides recommendations to build a cost-effective information security management organization.
- Security Awareness Program
- Educates all employees, at any level within an organization. An employee base that is educated and aware of security issues is key to the success of any corporate-wide program.
- Vulnerability Management Program
- Develops a risk-based Vulnerability Management Program to identify and mitigate vulnerabilities. This includes establishing a secure baseline through hardening, identifying existing vulnerabilities, and remediating them through patching, a vital part of any PCI compliance program.
- Web Application Penetration Assessment
- Looks at a Web site from the perspective of a malicious hacker and finds the holes before they can be exploited.
- Wireless Security Assessment
- Identifies and inventories all wireless network access points, identifies and exploits weaknesses in the wireless network, and assesses the overall exposure of the company to wireless network attacks, then makes recommendations to secure the environment.
- Writing Secure Code Courses: Java or .NET
- During each of these courses, organizations will not only meet PCI requirements; attendees will also understand the key security features of the J2EE and .NET platforms, the common web security pitfalls developers make, and how to build secure and reliable web applications. Students are led through hands-on code examples that highlight issues and prescribe solutions.
Contact us to find out how we can help you become PCI compliant.