TBG Security: Information Security Consulting

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS - The Sleeping Giant Awakes

High-profile losses of cardholder data and the resulting lawsuits have led the Payment Card Industry (PCI) to bear down on businesses with its PCI Data Security Standard, issuing fines as high as $25,000 a month or $500,000 per incident for non-compliance.  Less spectacularly, but no less importantly, the payment card industry tightened up its enforcement of the PCI Standard, and state legislatures considered (and Minnesota enacted) legislation intended to add an additional layer of liability for merchants who permit customers’ card data to be compromised. For a merchant, the monetary penalties under the PCI Standard might be the least of the consequences for failure to protect card data. Loss of the ability to accept credit and debit cards as payment for goods and services can be devastating, especially for online businesses that cannot accept cash and checks. 

TBG Offers Comprehensive Services To Meet Your PCI Compliance Requirements.

Working either as a full-service consultant or as an adjunct to your in-house business and security team, TBG will execute a three-phase PCI compliance readiness process to ensure that your business meets or exceeds its PCI compliance requirements. Following the readiness process we'll work with your team to meet the PCI certification requirements. In most cases this takes the form of managing the self-assessment audit or coordinating the engagement of a Certified Assessor. Once the certification process is complete, TBG is prepared to offer ongoing services to help your business maintain PCI compliance readiness as requirements or regulations change and as new vulnerabilities are detected.

Phase One: Assessment

The first step in any successful compliance effort is to review your current security environment and identify any holes or vulnerabilities. In the first phase TBG will perform a detailed assessment of your existing infrastructure, applications and policies. We will scope the project domain to determine which components are in scope, and review the systems, policies, processes and procedures covered by the compliance regulations. Our services include:
  • Target Scanning – identifying targets of interest
  • Exhaustive Port Scanning – identifying the services running on each target
  • Version Scanning – fingerprinting the services and operating system to identify their versions
  • Vulnerability Scanning – vulnerability scanning of the targeted hosts
  • Application Scanning – vulnerability scanning at the application level
  • Penetration Testing – automated and manual penetration tests
  • Policy Review – review of existing policies and procedures

Phase Two: Design

In the design phase we'll use the findings from the assessment phase to formulate a game plan and design a solution that meets the PCI compliance requirements identified in Phase One. During this phase TBG associates will work with your team to review all assessment findings, determine next steps and establish a detailed set of projects to meet your compliance objectives. Our services include:
  • Creating a readiness report documenting the assessment findings
  • Conducting a gap analysis based on the Phase One findings
  • Conducting a post-assessment review of all findings from Phase One
  • Developing a comprehensive list of all remediation projects
  • Creating a detailed project plan, including milestones and deliverables, for the remediation phase of the project
  • Conducting training for your business on information security and data handling as it pertains to the compliance requirements

Phase Three: Implementation and Remediation

In this phase, working with your team, TBG associates will provide comprehensive services to implement the design developed in Phase Two and remediate any PCI compliance issues identified in the previous phases. TBG can also act as an expert resource to supplement your internal business, IT and security staff as necessary. Services in this phase can include:
  • Preparing a detailed remediation plan
  • Device configuration
  • Design, build, deployment and testing of required or new systems
  • Advising in-house staff responsible for designing and implementing new systems, policies, procedures and controls
  • Process validation
  • Policy generation
  • Documenting step-by-step instructions to implement the low-level design

Phase Four: Compliance Certification

Working with your compliance team, TBG Security will manage the PCI compliance process, whether that means completing a self-assessment or coordinating the activities of an independent auditor. If an independent audit is required, TBG Security can recommend, supply or help engage an auditor with the industry expertise the audit requires, to maximize the quality of the results. Audit services may include:
  • Verification of PCI compliance against the standards and regulations
  • Testing and validation of controls
  • Preparation of formal reports or questionnaires
  • Verification of required vulnerability scan results
  • Packaging and submission of any related documentation as appropriate
  • Certification of the audit report
  • Acting as your advocate to resolve any questions from auditing personnel

Ongoing Compliance Monitoring, Scanning and Auditing

Once your organization has achieved compliance, most, if not all, compliance regulations require an annual audit of your security systems and procedures. In most cases the assessment may be conducted by internal staff (and must include a sign-off from a C-level officer) or by a third party. TBG Security is prepared to help you maintain compliance through services that monitor scan reports and track changes in the Standard that may affect your compliance status.

Ongoing services include:
  • An annual on-site audit of your organization's security systems and procedures
  • Periodic (quarterly, annual, etc.) review of your networks' security posture
  • Performing, monitoring and assessing the results of quarterly vulnerability scans
  • Regular monitoring and analysis of network devices for security events and breaches
  • On-demand assessment of specific network components for security posture
  • Periodic review of access, management and data encryption
  • Log monitoring and forensics to investigate specific incidents

Why TBG Security Is Your Preferred PCI Compliance Partner

TBG Security provides end-to-end information security solutions. We have a proven track record of helping our customers gain efficiencies through technology support and implementation. Our experienced network of security experts has subject-matter expertise in a broad array of disciplines.

Through our industry expertise and more than 15 years of experience with PCI and other compliance requirements, TBG Security acts as a trusted advisor to clients around the world. We are on hand to guide our clients through their compliance program, to provide often vital advocacy before the compliance organizations, and to supply any necessary remediation services. Our industry expertise is reflected in these key benefits:

  • The Shortest Path To Compliance. Unlike companies that simply know network security, we understand the requirements of a broad range of compliance regulations. We've seen the issues before and have implemented solutions across a broad spectrum of industries and customer profiles. Few other vendors can apply this knowledge and expertise to achieve faster, higher-integrity project completion.
  • Flexible Solutions. We pride ourselves on our customer-driven approach to solving your organization's security challenges. TBG does not partner with any security vendors, which gives us a unique ability in the industry to present truly objective solutions. Our managed solutions are offered as a cost-effective way to reduce overall operational costs, and only as a small piece of the security puzzle. Technology is only part of a comprehensive security program. TBG understands, and every day helps to educate its customers on, the role that people and process play in solving the security puzzle.
  • Commitment To Excellence. Although many vendors offer services to companies seeking compliance and auditing solutions, few providers match TBG’s expertise, intelligence-gathering capabilities, commitment to open standards, or role as trusted advisor. TBG leverages regulatory knowledge, training, and experience; best-of-breed solutions; a global network of proven technology; and its history of stability and trust to deliver solutions that are not only effective, but also make the best use of existing in-house personnel, technology, and processes.


For more information on how TBG Security can help your organization reach compliance contact our (JavaScript must be enabled to view this email address) or call us directly at 877.233.6651 ext 704.