Concerned with compliance? You should be. Corporations face a multitude of regulatory requirements, from SOX, HIPAA and GLBA to PCI DSS, and the list continues to grow.
Meeting the vast requirements of compliance regulations is not as expensive as NOT meeting them. As of June 30, 2008, PCI DSS Section 6.6 is now required, which means that companies that deal with credit or debit cards online must use an application layer firewall or have a complete website assessment to remain PCI compliant.
“acquirers failing to provide confirmation that their level 1 and 2 merchants are not storing full track data, CVV2 or PIN data by March 31, 2007, will be eligible for fines up to $10,000 a month per merchant, subject to escalation in the event material progress toward compliance is not made in a timely manner,”
“Acquirers will be fined between $5,000 and $25,000 a month for each of its level 1 and 2 merchants who have not validated by Sept. 30, 2007, and Dec. 31, 2007, respectively.”
Sources:
PCI Security Standards
PCI Answers
Our team can assist you with forward-facing documentation for any auditing firm and guarantee that compliance is met. We follow a structured methodology composed of CoBIT, NIST, ITIL and ISO guidelines, recommendations and practices. We will assist your existing staff in assessing the current posture of your infrastructure and will make recommendations based on our findings.
Infrastructure Auditing
Passwords
Access Control
Logging
Computers and laptops
Mail servers
SAN and NAS equipment
Routers and networking equipment
Printers
Cameras, digital or analog, with company-sensitive photographs
Data: sales, customer information, employee information
Company smartphones/PDAs
VoIP phones, IP PBXs, related servers
VoIP or regular phone call recordings and records
Email
Logs of employees' daily schedules and activities
Web pages
Web servers
Security cameras
Employee access cards
Access points (i.e., any scanners that control room entry)
Wireless Access Points
This list can become extensive, as an audit is essentially an assessment of how effectively an organization's security policy is being implemented, or whether a policy even exists. It is, after all, still possible to find a vast number of organizations with no security policies at all.