Security Architecture

PCI DSS Readiness Assessment

  • In-depth scoping analysis as it related to the PCI DSS criteria
  • Analysis of debit/credit (i.e., payment) Card “Transaction Environment”
  • Analysis of hardware/software systems, components and all other related application and network layer devices
  • Identifying and analyzing all significant third party outsourcers and managed service providers used by the organization

Remediation and Implementation

  • Secure Application Design and Implementation
  • Firewall Rules Design & Implementation
  • Intrusion Detection/Prevention System Design & Implementation
  • Device Configuration & Hardening
  • IT Security Policies & Procedures

Sustainment and Ongoing Compliance

  • Annual Compliance Validation
  • 3rd Party Compliance Programs
  • Day 2 Governance Programs

Application Security Testing (OWASP criteria)

  • Information gathering, authentication, session management, input validation
  • Application business logic
  • Infrastructure and application configuration management