detection and appropriate reaction to security incidents. PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. In other words, if a customer of an organization pays a merchant directly using a credit, debit or prepaid card, the PCI DSS requirements apply.
Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.
Validation of compliance is done annually by an external Qualified Security Assessor (QSA). CounterStrike has some of the best in the business, who can write a credible Report on Compliance (ROC) to submit to the card associations. The ROC is essentially an independent validation that the merchant is in compliance with PCI DSS.
CounterStrike can also provide you with PCI requirements assistance, including:
Vulnerability Scanning
Security scans assist in the identification of vulnerabilities and misconfigurations of web sites, applications, and information technology (IT) infrastructures with Internet-facing IPs.
Penetration Testing
The purpose of penetration testing is to footprint, enumerate and potentially exploit vulnerabilities in web application(s) and network infrastructure using automated tools and manual mechanisms, above and beyond what simple automated scanning tools can achieve.
Network and application penetration tests are different from vulnerability scans in that penetration tests are more manual. They attempt to actually exploit some of the vulnerabilities identified in scans, and follow practices used by hackers to take advantage of weak security systems or processes.
Policies & Procedures Documentation
Development and implementation of clear and comprehensive documentation is vital for any organization that wishes to achieve PCI compliance. CounterStrike is an expert in writing PCI compliant policies and procedures for any size organization.
Security Awareness Training
CounterStrike specifically tailors training to the existing knowledge and attitude of members of an organization regarding the protection of that organization's physical and, especially, information assets. The aim is a long-term shift in the attitude of employees towards security, while promoting a cultural and behavioral change for all workers. Training is given when workers join the organization and periodically thereafter, usually annually.
PCI Gap Analysis
CounterStrike PCI professionals will perform a gap analysis and the required testing in order to inform the client of the controls that need remediation to achieve PCI compliance. The assessment will include a review of the cardholder production network (including vulnerability and penetration testing) and supporting technical documentation. The assessment process may include interviews with company personnel to determine what PCI requirements are in place and where remediation is required.
Contact CounterStrike for all of your PCI DSS needs today!