DSG international is one of Europe's leading specialist electrical retailers.
We have more than 1,300 stores and on-line stores, spanning 28 countries and employing 40,000 people. More than 100 million customers shop in-store and on-line with us every year.
Grown by investing in Europe's largest electrical retailers
We own brands like Currys, PC World, Pixmania, The TechGuys, PC City, Electroworld, Elkjop
PCI DSS defines 4 levels of merchants (source: http://www.pcistandard.com/merchantlevels.html)

| Level | # of transactions | Review by | Vulnerability scan |
|---|---|---|---|
| Level 1 | over 6m in any channel | QSA | ASV (e.g. Qualys) |
| Level 2 | 1m - 6m in any channel | self questionnaire | ASV (e.g. Qualys) |
| Level 3 | 20k-1m online transactions | self questionnaire | ASV (e.g. Qualys) |
| Level 4 | less than 20k online or up to 1m in any channel | self questionnaire (not mandatory) | ASV (e.g. Qualys) (not mandatory) |
11.2 - external and internal vulnerability scanning
6.6 - web application scanning
2.2 - system hardening/configuration
DSGi's requirements for the system:
Approved Scanning Vendor (ASV) certified by PCI SSC
Software as a Service - no HW or SW to maintain
Minimum admin overhead
Scales to large international implementations
Easy to use with out of the box PCI DSS reports
Internal scanning managed via the same interface
Clear roadmap for compliance checking and web application scanning
System classification for patch management and risk management
[Diagram: network zones labelled Internet, Internal network, Head office, DMZ, POS server, mainframe, eBusiness, VPN GW, acquirer, settlement, Store network]
Network or Host IPS may lower the level by 2

| Level | Critical | Important | High | Medium | Low |
|---|---|---|---|---|---|
| 5 | 24 hours | 5 days | 14 days | 20 days | 40 days |
| 4 | 5 days | 10 days | 20 days | 1 month | 2 months |
| 3 | 10 days | 20 days | 1 month | 2 months | 3 months |
| 2 | 6 months* | Next release* | Next release | Next release | No fix |
| 1 | no fix* | no fix* | no fix | no fix | No fix |
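The classification matrix above can be turned into a deadline calculator for scan findings. The following is an added example, not part of the original slides: it reads the row number as the level reported for a vulnerability, treats 24 hours as 1 day and a month as 30 days, floors the IPS reduction at level 1, and uses constructed hosts, class assignments and dates.

```python
from datetime import date, timedelta

# Remediation windows in days, transcribed from the slide's matrix.
# Assumptions: 24 hours = 1 day, 1 month = 30 days; None marks cells with no
# dated deadline ("Next release" / "no fix"); the slide's * note is not modelled.
CLASSES = ["Critical", "Important", "High", "Medium", "Low"]
SLA_DAYS = {
    5: [1, 5, 14, 20, 40],
    4: [5, 10, 20, 30, 60],
    3: [10, 20, 30, 60, 90],
    2: [180, None, None, None, None],
    1: [None, None, None, None, None],
}

def effective_level(level, ips_protected):
    """Apply 'IPS may lower the level by 2'; the floor of 1 is an assumption."""
    return max(1, level - 2) if ips_protected else level

def due_date(finding):
    """Patch deadline for one finding, or None when the matrix sets no date."""
    level = effective_level(finding["level"], finding["ips"])
    days = SLA_DAYS[level][CLASSES.index(finding["system_class"])]
    return None if days is None else finding["detected"] + timedelta(days=days)

def triage(findings, today):
    """Split dated findings into (overdue, pending), each sorted by deadline."""
    overdue, pending = [], []
    for f in findings:
        due = due_date(f)
        if due is not None:
            (overdue if due < today else pending).append((due, f["host"], f["level"]))
    return sorted(overdue), sorted(pending)

# Constructed sample findings: hosts, class assignments and dates are made up.
SEEN = date(2024, 3, 1)
FINDINGS = [
    {"host": "pos-srv-01", "system_class": "Critical", "level": 5, "ips": False, "detected": SEEN},
    {"host": "ebiz-web-02", "system_class": "Critical", "level": 5, "ips": True, "detected": SEEN},
    {"host": "store-pc-17", "system_class": "Low", "level": 4, "ips": False, "detected": SEEN},
    {"host": "office-prn-03", "system_class": "Medium", "level": 2, "ips": False, "detected": SEEN},
]

if __name__ == "__main__":
    overdue, pending = triage(FINDINGS, today=date(2024, 3, 8))
    for label, rows in (("OVERDUE", overdue), ("PENDING", pending)):
        for due, host, level in rows:
            print(f"{label:8} {due} {host} (reported level {level})")
```

The two level-5 findings on Critical systems show the effect of the IPS rule: without an IPS the deadline is the next day, with one it moves to the level-3 window of 10 days.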
Authenticated scanning proved to address false positives and increase visibility of issues
A non-authenticated scan can only reveal a limited number of vulnerabilities without breaking into the system
An authenticated scan has a lower number of false positives and gives a better picture of the patch and configuration status of a system