The Cadence Approach to PCI Compliance

The following document outlines our recommended approach to assist companies in their efforts to comply with PCI. This document includes the following sections:

PCI Compliance Standards

Identity theft and credit card fraud have surfaced as the most lucrative and elusive crimes of the digital age. Many businesses that accept credit cards and capture personal information are unaware of the condition of this data. Some do not know how this data is stored, how long it is stored, which employees have access to it, and whether or not it is secure. There is a tendency to trust the opinions of internal resources regarding what "secure" means. Modern criminals are sophisticated and advanced and, in many cases, may be one of your own employees. Both are looking for vulnerabilities to exploit, or simply for a place with unmonitored access.

The PCI Data Security Standard (PCI DSS) is a set of standards and guidelines that protect both the business and the consumer from these crimes. It helps businesses define what secure means when dealing with this confidential data. Implementing these standards brings peace of mind to all those who interact with the business and can save companies money by optimizing business processes and reducing their exposure. The business also benefits because it can assure its customers of the safety of its network and avoid the security breaches that cost it business and income. For a small or mid-size business, the cost of a breach could be financially devastating in legal fees, penalties and fines, and lost customers.

The following are the high-level requirements for PCI compliance:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

The Cadence Value Proposition

The Cadence Group value proposition begins with employing experienced and knowledgeable professionals who have practical business and information technology experience. Our extensive experience allows us to work fluently with numerous business groups and collaborate to develop effective and creative solutions. Our professionals also provide structured guidance and tactical strategies to meet and even exceed your needs. The Cadence Group has proprietary and innovative techniques to provide the customized level of assistance required to help you implement the changes necessary to comply with PCI, as well as to secure and optimize your business. In addition, we have proven experience developing and assessing very complex aspects of business and information technology. Our hands-on experience, applied from an external perspective, lets us bring a unique viewpoint to assisting you.

Cadence works with organizations seeking to capitalize on this opportunity to truly effect change within their organization's culture and support mechanisms. Change requires real acceptance of responsibility by business units for continued, proactive assessment of risk and controls. To deliver true change, we not only equip you and your business with leading methodologies, but also focus on the crucial elements of change management and continuous knowledge transfer from our team members to you throughout the project.

We further believe the keys to any such innovation are management's ownership and flexibility. Ownership helps create long-term success for the project and allows for understanding and accountability within the organization. Our flexibility allows you to depend on us at any time during the project for any needed assistance and to obtain the benefits you require.

To provide flexibility, we can support any resource with the related tasks necessary to complete each phase of the project. We can coach and train you and your staff in completing the work. We can also work with you to understand your requirements, timing restrictions, budgetary constraints and desired results to develop a solution that is right for you.


Steps to PCI Compliance

PCI Compliance projects are typically divided into five phases. Cadence can provide you with assistance within each of these phases.

1. Planning - A successful project requires detailed planning and coordination. These efforts should include the definition of roles and responsibilities as well as the scoping of the relevant risks, accounts, disclosures, processes and locations required for compliance with PCI.

Cadence's Capabilities: By applying our experience in this phase, we are able to advise you on both the PCI requirements and the industry best practices that are integral to a successful outcome and to operating more efficiently. We provide proven templates and scoping reports to clearly document compliance issues and exposure. These templates allow for a concentrated approach that expedites the overall process. The templates are broken down by roles and responsibilities, which allows the individuals responsible to see a more consolidated list of requirements.


2. Discovery - The Discovery phase provides a snapshot of the current state of the business through interviews and observations. It allows for the discovery of procedures, processes and policies that address relevant requirements but may not be documented or formalized. Discovery usually occurs using three different techniques:
1. Interviews
2. Observations
3. Evaluations


3. Testing - The Testing phase provides more concrete evidence to confirm the results of the Discovery phase. The tools used as part of the Testing phase are industry standard. Our expertise allows us to determine which results are relevant when measured against best practices. Testing generally occurs at three levels:
1. Internal Network Components
2. External Network Components
3. System Components


4. Documentation - Documentation is logged throughout all phases. Quality is paramount to Cadence, so to confirm the results, the documentation is reviewed together with the evidence by a senior security professional. The results are then stored in a SQL database that enables Cadence to personalize the findings and portray them more effectively. Through categorization and departmentalization, each stakeholder can receive a personalized report with their responsibilities and objectives. Some examples of the reports available are Master Summary, Departmental, Categories, Best Practices, Deficiencies and Action Items.


5. Assessment - At the conclusion of the process, management is responsible for assessing the results. Each deficiency is assessed to determine whether it can be remedied or whether accepting it is justified by the business.

Cadence's Capabilities: We provide guidance regarding the appropriate framework for assessing identified deficiencies. Our experience in performing attestations will help ensure you are assessing these deficiencies in the appropriate manner.

© 2010, Cadence Consulting Corporation

All Rights Reserved