PCI Readiness Assessments

A successful PCI compliance plan first requires an in-depth review of your existing infrastructure, applications and policies. We focus primarily on items relevant to the PCI Data Security Standard (PCI DSS).

Services include:

• Target Scanning – identifying targets of interest
• Exhaustive Port Scanning – identify services on each target
• Version Scanning – fingerprint the services and OS
• Vulnerability Scanning – vulnerability scanning of targeted hosts
• Application Scanning – vulnerability scanning at the application level
• Penetration Testing – automated and manual penetration tests
• Policy Review – review existing policies and procedures
• TBG Security’s PCI Site Assessment may be executed partially via phone interviews for policy reviews, and partially onsite for physical inspections and verification of data collected during off-site reviews.

Working with our customer, we prioritize the findings reported in the Assessment phase, formulating the most efficient and effective remediation strategy required to pass the PCI Audit.

Services include:

• Creating a readiness report documenting the Assessment findings
• Conducting a Gap Analysis
• Developing a comprehensive list of all remediation projects
• Creating a detailed project plan including milestones and deliverables for the remediation phase of the project

Your TBG Security team is now ready to implement the security improvements agreed in the Gap Analysis phase. The focus is to remediate all identified PCI compliance issues.

Services include:

• Device configuration
• Design, build, deploy and test of new or updated systems
• Training for in-house staff responsible for new systems, policies, procedures and controls
• Process validation
• Policy generation
• Document step-by-step instructions

Working with your in-house compliance team, TBG Security will offer full support during the PCI compliance process, be it filling out a self-assessment or coordinating the activities of an independent PCI auditor.

TBG Security has partnerships with a number of QSA firms, and we’ll be there to guide you through the final PCI audit process, providing the necessary information and documentation to meet the PCI Security Council standards for compliance.

Services include:

• Verification of PCI compliance pertaining to the standards/regulations
• Testing and validation of controls
• Preparation of formal reports and questionnaires
• Verification of required vulnerability scan results
• Submitting related documentation
• Certification of audit report
• Acting as your advocate to resolve any questions from auditing personnel

Many compliance regulations require an annual audit of your security systems and procedures in order to retain your standard validation. In most cases, the assessment may be conducted by internal staff (often requiring sign off from a C-level officer) or by a third party expert consultants. TBG Security is prepared to help you maintain compliance

Services include:

• Annual on-site audit of your organization’s security systems and procedures
• Periodic review of networks for security posture, as needed
• Quarterly vulnerability scans
• Regular monitoring/analysis of network devices for security events and breaches
• On-demand assessment of specific network components for security posture
• Periodic review of access, management, and data encryption
• Log monitoring and forensics to investigate specific incidents