Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a moving target. Technology changes, businesses grow and hackers get smarter. The standard has evolved to meet this constant change – but many organizations establish compliance goals to go further, choosing a state of continuous monitoring to facilitate ongoing data security. That's where PCI Plus comes in.
Medium and large enterprises that are risk-minded understand the importance of becoming compliant with PCI DSS. These organizations know that achieving compliance is merely the foundation for security – not the end game. As a result, they want to augment the best practices already in place for PCI validation to help ensure customer and brand protection.
Trustwave has created the PCI Plus Risk Assessment to address a stringent risk approach, enabling organizations to further mitigate risk and address a rapidly changing threat environment. PCI Plus enables your organization to execute a security strategy that achieves compliance as an outcome rather than the primary objective. In this way, compliance and securing data are factored into your security investment instead of just showing up as a checkbox.
The objectives for the PCI Plus are to:
A PCI Plus Risk Assessment helps you more fully integrate PCI compliance objectives into your IT risk and security management programs.
PCI DSS is a set of best practices to help standardize the protection of data. However, because your cardholder data environment (CDE) and the threats to it are unique, this risk assessment helps you beat attackers to the punch by identifying threats relevant and specific to your business.
With guidance from our Global Compliance and Risk Services team, the risk assessment helps you better understand attacks, including their sources, sequences and tools that are used.
An outcome of the risk assessment is to help you understand what to focus on to achieve continuous compliance. An organization acting this way is positioned to be a company that is secure and avoids the financial repercussions and negative media coverage that go with a data breach.
Our Managed Security Testing ensures that you're identifying holes in your environment before hackers do. By combining the PCI Plus Risk Assessment with our SpiderLabs penetration testing expertise, Trustwave can merge knowledge of your business processes with offensive technical security testing.
Each assessment begins by working with a Trustwave consultant to identify the assets that are in scope for the PCI Plus approach. From here, Trustwave identifies the threats and associated vulnerabilities, determines their severity and impact on cardholder data, as well as the likelihood of an exploit occurring, given existing security controls.
The Trustwave risk assessment approach incorporates proven methodologies to ensure that industry best practices are followed. Having conducted significantly more assessments than any other qualified security assessor (QSA), we have the depth and breadth to help our customers go beyond a basic PCI DSS assessment.
We start with a targeted risk assessment on the cardholder data environment (CDE) to identify threats and vulnerabilities specific to processing. From there, an in-depth penetration test through our Managed Security Testing takes into account systems adjacent to the CDE.
An important step in this assessment is to help your organization focus on the areas where PCI may fall short, including turning on the right Trustwave technology to go beyond an assessment. These products (such as SIEM, Data Loss Prevention and Secure Web Gateway) handle the 'wall of data' that many organizations face. These technologies work together to help monitor, and ultimately thwart, changes to or leakage of the CDE, as well as preventing the influx of malware into the corporate environment.
We staff these engagements with a rotating model and an iterative validation process that includes annual validation, but also identifies areas to be re-validated quarterly or semi-annually. This process takes the emphasis off the all-too-common "point-in-time" validation cycle, and helps push your organization toward continuous compliance. The engagement deliverable is a PCI Plus Risk Assessment report that is priority ranked for your business.