Overview High profile and negatively publicized data         Developed by payment brands of the PCI  security breaches h...
Operational        Insufficient Log Management and                      Legacy systems not supporting the         Monito...
Security Consulting ServicesHCL deploys risk management programs empowering organizations to meet the compliancerequiremen...
controls as compared to best practices. HCL scanning & assessment analyzes organizations controls todetermine their compli...
for executives, matrix prioritization for           reports        managers, and technical detail for        procedural an...
Client: BPO Unit of Fortune 50 Organization, captive BPO unit in India & PhilippinesObjective: In the process of providing...
HCLT Brochure: PCI DSS Consulting Certification Services
http://hclte.ch/If33g9 - More on IT Infrastructure Management

http://www.hcltech.com/ - More on HCL Technologies

Failing to implement and comply with financial information security policies and procedures can expose a business to serious threats and losses. HCL deploys risk management programs that empower organizations to satisfy compliance requirements in a business context instead of simply running down a checklist of requirements. This brochure describes how HCL enables customers to comply with the Payment Card Industry Data Security Standard (PCI DSS).

Published in: Business, Technology
Overview

High profile and negatively publicized data security breaches have left consumers who use payment cards increasingly concerned about the security of their personal and financial data, and about the risk of fraud. Driven by the need to reassure cardholders and to adopt appropriate risk management measures, organizations are increasingly adopting the Payment Card Industry Data Security Standard (PCI DSS) as the minimum standard for processing, storing or transmitting card details.

The PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. It was created to help organizations that process card payments prevent card fraud through increased controls around cardholder data and its exposure to compromise. Any business that stores, transmits or processes cardholder data has to comply with the standard.

• Developed by the payment brands of the PCI Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
• It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
• Merchant and service provider levels, which determine the validation required, are already defined based on the number of transactions processed in a year.

HCL has a wealth of expertise in PCI DSS compliance consulting, audit, technical design and implementation; understands the process of PCI compliance; is an authorized provider of PCI auditing and scanning services; and is experienced in guiding you towards a sustainable PCI DSS compliance program.
Challenges

Strategic
• Lack of relevant and implemented information security policies and procedures
• Segregation of duties among production, development and testing teams

Tactical
• Identification of all systems within the organization where payment card information is stored
• Lax access controls into systems and databases (highly sensitive payment card information stored in business databases)
• Weak data classification and handling (capturing / storing data against PCI requirements)
• Access to payment card information granted to a large number of business users (need-to-know principle)
• Weak network security controls (allowing easy access to critical areas)

Operational
• Insufficient log management and monitoring
• Legacy systems not supporting the PCI DSS requirements for encryption
• Network architecture security and device security problems
• Lack of periodic vulnerability assessment and penetration testing

Framework for PCI DSS Compliance

The PCI DSS is a multifaceted security standard comprising twelve high-level requirements, split into the following six categories:

[Figure: the six categories of PCI DSS requirements]

Taken together, these six areas of data protection prescribed by the PCI standard help to build a comprehensive approach to overall security. They address security concerns from network protection to security governance policies. The standard is comprehensive and well designed enough to be seen as a compliance enabler for a broad set of industry regulations. Since privacy is a core concern for almost all businesses, PCI standard compliance supports your bottom line. In fact, the PCI standard can become the central principle around which your overall governance and risk management strategy is organized.
Security Consulting Services

HCL deploys risk management programs that empower organizations to meet compliance requirements in a business context, instead of simply running down a checklist of requirements. Our approach extends the compliance budget by providing a framework of safeguards that sustains compliance across the board. HCL's security consulting practice has experience in helping organizations achieve compliance with the PCI DSS and has developed the methodology shown in the figure below:

[Figure: HCL PCI DSS Consulting Approach]

Technical Scanning & Compliance Management Services – PCI DSS

HCL's Network/Application Penetration Testing and Vulnerability Assessment Service helps organizations protect information-based assets from threats targeted at their IT landscape. The main objective is to gauge the current controls over the network and applications, and to assess the current state of those controls against best practices. HCL scanning and assessment analyzes an organization's controls to determine their compliance with relevant standards. Using proprietary methodologies aligned with OWASP and OSSTMM, HCL provides a thorough and complete analysis of how accessible the assessed systems are to an attacker.

PCI Compliance Onsite Audit Services
• Tested, adaptable and scalable compliance methodology used for global enterprise environments
• Authoritative approach that blends cross-industry and global best practices to refine control sets that make business sense
• Consultative approach that migrates from a compliance focus to a security partnership framework
• Standard reporting that speaks to the business case for executives, matrix prioritization for managers, and technical detail for procedural and project-oriented positions
• Reputation for time-sensitive project completion and ongoing PCI compliance support

PCI Compliance Scanning Services
• PCI Council Approved Scanning Vendor (ASV)
• Dedicated PCI security scanning team
• PCI executive summary, management status and progress report(s) for acquirers
• PCI compliance report provided (per device)
• PCI quarterly vulnerability trending reports
• Multiple commercial-grade vulnerability and penetration testing tools utilized

Benefits
• Organizations can protect their customers' card data
• Boost customer confidence through a higher level of data security
• Insulate from financial losses and remediation costs
• Maintain customer trust and safeguard the reputation of the brand
• Provide a complete 'health check' for any business that stores or transmits customer information
• Increase IT efficiency and potential cost savings (e.g. through improved patch management, anti-virus controls, user account management, etc.)
• Identify unusual or disallowed behavior through the use of PCI investigative reports
• Provide the respective regulator(s) with assurance that processes are suitably controlled
• Increase awareness of security within the organization

Case Studies

Client: Leading media and entertainment organization headquartered in California, US
Objective: As part of its expansion strategy, the client decided to introduce a new line of business services for ticketing and sales. This brought requirements focused on adherence to PCI DSS.
Scope of Work:
• Network and application scanning for PCI DSS v1.2 requirements
• Information security policy, procedures and processes development to comply with PCI DSS v1.2 requirements
• Incident response plan development
• Formal security awareness program development
Benefit to Customer:
• Security policy, procedures and processes recommended to help meet the compliance needs of PCI DSS v1.2
• Control framework inscribed in policy, procedures and processes
• Framework established through iterative reviews with IT, business and audit
• Compliance efforts kicked off as controls were being defined
Client: BPO unit of a Fortune 50 organization; captive BPO unit in India and the Philippines
Objective: In the process of providing services, the client also handles confidential customer information and thus falls within the purview of various standards and regulations governing this sector. The governing organizations in the sector also require organizations dealing with payment card information to adhere to the industry guidelines, PCI DSS (Payment Card Industry Data Security Standard). The complexity of the case also required the client to adhere to SOX requirements emanating from the parent organization's SOX compliance.
Scope of Work:
• Existing infrastructure review
• Internal vulnerability assessment
• Analysis of future state requirements
• Gap analysis and risk evaluation
• Report of findings and recommendations
• Ongoing compliance support services
Benefit to Customer:
• New, updated security policy recommended as per the ISO 27001 framework to help meet compliance needs including PCI
• Risk assessment and management mechanism defined for operational teams to implement suitable controls
• Guidance on controls provided to managers and administrators to handle risks on an ongoing basis

Why HCL?
• More than a decade of experience in consulting, solution architecting and integration services
• Capability to address the end-to-end spectrum of the information security domain
• Empanelled auditor for NSE (Asia's largest stock exchange) and CERT-India
• PCI Council Approved Scanning Vendor (ASV) since 2005 (first in India)
• Large pool of consultants with a diversified understanding of security domains
• Competency in all major information security compliance requirements and standards
• Experience in delivering 130+ complex security consulting projects across the globe
• Backed by the solid industry positioning of the HCL brand
• Ability to address the information security life-cycle needs of enterprises from any industry vertical
• Recognized by Gartner and Forrester for security services maturity
For further information on HCL Security Consulting Services mail at infrapmgsecurity@hcl.com