Sentor

PCI Data Security Standard

Let Sentor help you reach PCI DSS compliance

"The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data." -- From the PCI Security Standards Council's website.

The PCI DSS has been put into practice as a result of numerous high-profile data breaches in which insufficient security practices led to major losses of credit card information. While the requirements in the PCI DSS will help to improve the security of your operations, implementing and maintaining them all correctly can be a cumbersome endeavour. Complying with the Payment Card Industry Data Security Standard can be the starting point of an enterprise-wide initiative to protect your business.

How Sentor can help you achieve compliance

Most of the twelve security requirements mandated by PCI can be directly achieved and maintained by enrolling with Sentor Managed Security Services. Sentor operates a 24x7 Security Operations Center (SOC) from which it provides its clients with a comprehensive set of security services:

From the Sentor SOC, operators and analysts can obtain a direct view of the client organisation's overall security posture: view real-time security events, device status and configuration, submit and track change requests and incident tickets, generate and track custom metrics and create monthly reports. All our MSS services include 24x7 telephone support.

Sentor Professional Services can help you achieve compliance in a number of ways:

  • Sentor's security experts can perform a GAP analysis on your IT environment with regards to PCI DSS
  • Penetration tests are required by PCI DSS and are one of Sentor's areas of expertise
  • Sentor's security advisory service can be used for guidance regarding how to achieve PCI DSS compliance
  • Sentor can train your developers in secure coding practices in line with, for example, the OWASP framework
  • Sentor can help you with system hardening, which is also required by PCI DSS
  • Sentor can create information security policies and processes and help implement them

Mapping Sentor's services to PCI DSS

Below is a matrix mapping Sentor's service offering to the PCI DSS requirements and following that is a description of how Sentor can help you achieve PCI DSS compliance.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

These requirements can be met and maintained with Sentor's Managed Firewall and Vulnerability Scanning Services.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Sentor Professional Services can assist when architecting and implementing secure and segmented environments that meet the PCI-DSS requirements.

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Sentor's Vulnerability Intelligence Service helps clients obtain critical information about security issues in software deployed in the client environment.

To ensure secure operation of the clients' web applications throughout the application lifecycle, Sentor offers its Web Application Assurance Service, a one-stop shop for application security services such as source code audits, Managed Web Application Firewall and both recurring and on-demand dynamic Web Application Assessments.

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Sentor Professional Services can assist when architecting and implementing secure and granular authorization and access control mechanisms.

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

The Sentor SOC provides continuous monitoring of security information and events collected from the clients' production environments, such as changes to critical system files, authentication and audit log events, as well as events from IDS and IPS solutions. Information and event flows are correlated and analyzed in order to provide clients with comprehensive analysis and reports through the Sentor Security Management Portal.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Sentor's Professional Services can be used to assess the current state of compliance within the client organization and to launch and execute implementation projects that achieve and maintain your compliance status.



© Sentor 2011