PCI Compliance

pc-compliance
WHAT IS OFFERED?
  • A historical audit trail for user access, Active Directory changes and network device configuration modifications.
  • Assistance with developing acceptable use, security and disaster recovery policies tailored to each client and pursuant to PCI DSS best practices.
  • Identifying known exploits and vulnerable systems on your network and developing a plan to resolve / mitigate any exploits and vulnerabilities found.
  • Assistance completing the PCI DSS self-assessment properly.
WHO NEEDS IT?
  • Any business that processes credit card transactions over their network.
    • If transactions are processed over your internet connection, it is your network.
    • If transactions are processed over your phone line, it is not your network.
  • Any business that requires elevated network security.
    • Medical records / client patient data.
    • Confidential personal information / social security numbers.
    • Financial records.
  • Security organizations such as, Police, Fire, and Rescue.
  • Any business concerned about their network security.
  • Any business that has identified a breach in their network security
WHAT IS INCLUDED?
  • A Tech Group installed appliance, onsite at your place of business, used to collect data.
  • Quarterly vulnerability scans on every device on  your network.
  • Quarterly analysis and review of Syslog messages.
  • Quarterly audit of network device configuration changes.
  • An Annual review of “Acceptable Use” and “Disaster Recovery” policies.
  • Quarterly reports of Active Directory changes and events, delivered electronically.
  • Quarterly Executive Summary and reports delivered electronically.
  • 24x7x365 monitoring of the installed appliance.
WHAT IS REQUIRED?
  • Power, network connectivity, and a secure location for the Tech Group appliance.
  • 4 Static IP addresses on the network.
  • A dedicated Tech Group Administrator account in Active Directory.
  • Administrator credentials to access all network devices including routers, firewalls, switches, and wireless access points.
  • Adding a Syslog target to any device that supports Syslog.
  • Installation of HIDS agent on Windows and Linux.