Get compliant with PCI DSS and secure card data
The PCI DSS community is prone to endless debate about what the standard actually allows, and about which loopholes and grey areas might hand an organisation a free "get out of jail" card: a way to shed requirements without technically breaching the rules.
We believe that compliance is a natural by-product of a common sense security programme. In other words, finding cost-effective and efficient solutions that genuinely improve an organisation's security posture is our way of making the assessment process an easy, no-surprise and even enjoyable experience.
Our experts are first and foremost security practitioners with a wealth of experience implementing these controls, not merely philosophising about them. That experience is at your disposal if you need no-nonsense security solutions to your PCI DSS challenges.
Five Security can help you accurately identify the systems and networks that will be in scope for your PCI DSS assessment. We use a combination of proven methodologies, tools and techniques to find out where cardholder data resides within your environment, and we provide recommendations on how to reduce that scope so that implementing PCI DSS within your organisation becomes more manageable.
The PCI DSS Gap Analysis is an important tool for identifying all the controls an organisation needs to implement in order to achieve compliance; more importantly, it provides guidance on how to establish those controls.
PCI DSS workshops
Whether you want to identify the scope of PCI DSS, get up to date with v3.2, obtain assistance with the Self-Assessment Questionnaires (SAQ) or learn how to implement a compliance programme, we help you start on the right path with hands-on assistance and guidance.
Five Security can assist during the implementation phase of a PCI DSS project by providing the expertise required to establish security controls across the various areas of the standard. Examples include network design, firewall rule reviews, system hardening, and policies and procedures.
PCI DSS training
We have courses and training materials designed to educate your teams about the requirements of PCI DSS, their roles and responsibilities, and how to maintain compliance over time. We can also deliver tailored security awareness training to meet your internal training requirements.
The 12 requirements of PCI DSS v3.2
BUILD AND MAINTAIN A SECURE NETWORK
Req. 1: Install and maintain a firewall configuration to protect cardholder data
Req. 2: Do not use vendor-supplied defaults for system passwords and other security parameters
PROTECT CARDHOLDER DATA
Req. 3: Protect stored cardholder data
Req. 4: Encrypt transmission of cardholder data across open, public networks
MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM
Req. 5: Protect all systems against malware and regularly update anti-virus software or programs
Req. 6: Develop and maintain secure systems and applications
IMPLEMENT STRONG ACCESS CONTROL MEASURES
Req. 7: Restrict access to cardholder data by business need-to-know
Req. 8: Identify and authenticate access to system components
Req. 9: Restrict physical access to cardholder data
REGULARLY MONITOR AND TEST NETWORKS
Req. 10: Track and monitor all access to network resources and cardholder data
Req. 11: Regularly test security systems and processes
MAINTAIN AN INFORMATION SECURITY POLICY
Req. 12: Maintain a policy that addresses information security for all personnel