Is it necessary to have a Readiness Assessment? YES, if your organization has an obligation to meet one of these requirements:
- Payment Card Industry Data Security Standards (PCI DSS)
- Sarbanes-Oxley Act (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Federal Information Security Management Act (FISMA)
To meet many of these stringent requirements and controls, you must make the effort to assess your environment, identify gaps in compliance, and implement an action plan to ensure your "in-scope" applications and systems are compliant before an external auditor or assessor comes on-site to conduct their evaluation. How do you do this? Utilize the services of c~Sharpe Security to provide:
- In-depth interviews with pertinent subject matter experts in IT, Information Security, HR, Corporate Security, Finance, Procurement, and other relevant Business areas
- Reviews of configuration settings for applications, systems, and wireless devices
- Reviews of information security policies, standards, and incident response plans
- Software Development Lifecycle assessments
- Evaluation of the Application Security, Vulnerability Scanning, and Penetration Testing programs
- Reviews of the configuration settings for all security controls including firewalls, intrusion detection systems, anti-virus, audit logging systems, file integrity solutions, active directory, and identity management systems
- Examination of cryptography and secure communication methods
PCI DSS Case Study
In the past few years, we have worked with a number of Level 1 Merchants and Service Providers within the Healthcare and Retail industries, leading their Readiness Assessments to prepare them for compliance with PCI DSS. Our work with these companies has been instrumental: each of them was able to successfully pass their validation assessment without any additional remediation tasks from the Qualified Security Assessor (QSA).
Please contact us to learn more about how we can assist you.