PCI Data Security Standard (DSS)
PCI DSS (Payment Card Industry Data Security Standard) was introduced in response to a number of serious data breaches in which large amounts of credit card information were stolen. While the requirements of the PCI DSS help improve security around the handling of credit card data, implementing and maintaining compliance with them is a daunting task for many companies. Efforts to meet the requirements of PCI DSS can be a good starting point for a review of the company's security in general. Sentor is a QSA (Qualified Security Assessor) certified by the PCI, which means that we can assess whether the requirements are met.
Sentor can help you reach compliance – we are PCI DSS QSA
An accredited auditor – a Qualified Security Assessor (QSA) – must approve companies that want to reach PCI compliance. As a QSA, Sentor can assist with all aspects of PCI DSS-related processes, from advice and assistance to implementation of controls and the actual certification.
How can Sentor help you meet the demands of PCI DSS?
Sentor can help you meet and maintain most of the 12 requirements of PCI DSS directly through our Managed Security Services. Sentor runs a Security Operations Center (SOC) from which we deliver a number of qualified security services 24/7:
- Managed Security Monitoring 24/7
- Managed Intrusion Detection and Prevention Service 24/7
- Managed Firewall 24/7
- Vulnerability Intelligence Service
- Managed Internal and External Vulnerability Scanning
- Log Management Service
- Managed Web Application Assurance Service
From the SOC, Sentor operators and security analysts gain a direct view of your overall security through real-time monitoring and analysis of security alarms and of the status of security equipment and configurations. They also create and track change requests and incident reports, generate and follow up on customer-specific metrics, and create reports. All our security services include 24/7 phone support.
Sentor's consulting services can help you achieve compliance as follows:
- Sentor experts can perform a gap analysis of your environment with respect to the PCI DSS requirements
- Penetration testing is one of the requirements of PCI DSS, and also one of Sentor's core areas of expertise
- Security consulting can provide guidelines for how to achieve the requirements specified by the standard
- Sentor can educate developers in secure development methodologies such as OWASP Code, or act as a security advisor in a project under the "Secure SDLC" model
- Sentor can help with production hardening of equipment, which is also one of the requirements
- Sentor can create security policies and procedures and help implement them
Step 1 – Begin your journey towards PCI DSS compliance!
PCI DSS certification starts with a gap analysis to see how well the company meets the 12 overall requirements of the PCI DSS standard. The assessment is conducted through interviews with key people within the organization, as well as audits of related policies and documents. The aim is to define the scope of each part of the PCI DSS project.
Interested? Contact us!
Sentor PCI DSS-related services mapped out
Below is a matrix describing how Sentor service offerings relate to the requirements of PCI DSS, followed by a description of how Sentor can help you achieve the qualification demands.
Building and maintaining a secure network
Requirement 1: Install and maintain a firewall
Requirement 2: Do not use vendor-supplied defaults
These requirements can be met with Sentor's Managed Firewall and Vulnerability Scanning services.
Protecting credit card data
Requirement 3: Protect stored credit card information.
Requirement 4: Encrypt the transfer of credit card data over public networks
Sentor's security consulting services can help you design and implement secure segmented environments that satisfy the PCI DSS requirements.
Building and maintaining a vulnerability management process
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications
The Sentor Vulnerability Intelligence Service gives customers information about vulnerabilities in the software they use. To ensure that applications maintain the same high level of security throughout their life cycle, Sentor provides source code analysis, Managed Web Application Firewalls, regular application analysis and security expertise throughout the development process in accordance with the "Secure Software Development Lifecycle" model.
Implement strong access control
Requirement 7: Limit availability of credit card data on a need-to-know basis
Requirement 8: Distribute unique usernames to all users accessing data
Requirement 9: Limit physical access to data
Sentor consulting services can help you design and implement control mechanisms for access.
Monitor and test networks regularly
Requirement 10: Monitor and log all access to network resources and credit card data
Requirement 11: Regularly test security systems and processes
The Sentor SOC continuously monitors security events and security-related information from the customer's IT environment, such as critical file system changes, authentication and audit log events, and alarms from IDS and IPS systems. Information and event flows are correlated and analyzed so that the client obtains complete and unambiguous reports via the Sentor web portal.
Several of Sentor's services can be used to meet requirements 10 and 11 of PCI DSS: Managed Security Monitoring 24/7, Managed Intrusion Detection and Prevention Service 24/7, Log Management Service, and penetration tests / security analyses.
Maintain a policy that addresses information security
Requirement 12: Maintain a policy that addresses information security
Sentor's consulting services can be used to evaluate the level of compliance in the customer's organization, and to start and execute projects to achieve and maintain full compliance.