Foreword
With the increasing compromise of credit card information
at stores and processors, VISA, MasterCard, American Express
and other credit card brands formed the
PCI Council (*) in 2007. The PCI Council defined the Data
Security Standard (PCI-DSS), which is compulsory for processors
and merchants.
CYBSEC has been certified as a QSA (Certified Security Assessor)
by the PCI Council to provide on-site PCI (Payment Card Industry)
auditing services to Processors and Merchants in Latin America
and the Caribbean, and has been working with major credit
card companies on security issues since 2002.
CYBSEC is one of the first companies to qualify as a QSA
since 2006, and has successfully carried out over 25 PCI-related
projects in Latin America.

(*) For further information on the PCI Council, see http://www.pcisecuritystandards.org
(**) To view the list of valid QSAs, see
https://www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf
PCI Services
CYBSEC provides the following PCI-related services:
1. PCI GAP Analysis
Its aim is to analyze and assess the Organization’s
current compliance with the Data Security Requirements of the
Payment Card Industry (PCI) Standard through a GAP analysis,
and then to advise on the most suitable solutions for the
environment to raise the security level should any deviation
from the PCI Standard be detected.
The project stages are an initial analysis, the gap
analysis and the Recommendation Report.
2. On-site PCI Audits and Certifications
The aim of this project is to assess and audit
compliance with the Data Security Requirements of
the Payment Card Industry (PCI) Standard and, if we determine
that those Requirements are fulfilled, to issue the corresponding
PCI Compliance Certification Report (*).
The stages of this project are the audit and the development of a
Compliance Report.
(*) It is worth mentioning that the Certification can be
performed only by a QSA Certified Company, such as CYBSEC.
3. PCI Standard
The scope of the PCI Standard is:
Building and Maintaining Secure Networks
- Installing and maintaining firewall configurations to protect information.
- Not using passwords or security parameters provided by suppliers.

Protecting the Cardholder Information
- Protecting stored information.
- Encrypting credit card data and sensitive information when exposing it to public networks.

Establishing Vulnerability Testing Programs
- Using and regularly updating anti-virus programs.
- Developing and maintaining secure systems.

Implementing Strong Access Control Measures
- Restricting access to information according to business rules.
- Assigning a unique ID to each person who has access to the system.
- Restricting access to cardholder information.

Regularly Testing and Monitoring Access to the Network
- Tracking and monitoring all access to the network and to cardholder information.
- Regularly testing the systems and the security procedures.

Maintaining Information Security Policies
- Establishing policies aimed at Information Security.
Managerial Presentation
CYBSEC has designed a presentation describing the PCI standard
as a new Security Strategy for Payment Card Companies. The
presentation covers real cases of payment card information
theft, who makes up PCI, the fundamental points of
the “PCI-DSS” security standard, and finally
a case study.
To download the presentation:
http://www.cybsec.com/upload/PCI_segurinfo_2007.pdf
Contact
For further information on our PCI services, please contact:
Claudia Macri
Email: cmacri@cybsec.com
Telephone/Fax: +54-11-4371-4444
Address: Rodriguez Peña 286, 2nd Floor – C.P. 1020 – Buenos Aires – Argentina.