PCI Remediation Services - Filling in the Gaps


Our consultants can help your organization comply with the PCI DSS security standard. OWL Risk Management Consulting (ORMC) liaises with your Qualified Security Assessor (QSA) and provides professional services that complement the QSA's work, resulting in an overall PCI-compliant environment.

OWL Risk Management Consulting offers savings compared with traditional QSAs by providing a lower-cost option for meeting PCI compliance. ORMC has significant expertise in assisting companies with PCI compliance.

The PCI services that ORMC will provide your company include:

  • Preparation of the Self-Assessment Questionnaire (SAQ)
  • Remediation of any issues declared non-compliant in the SAQ
  • Acting as the point of contact for your company to liaise with your QSA

Customer data security on a budget

The ORMC PCI self-assessment package is designed specifically for small to medium-sized online merchants that seek to improve their payment card security and comply with PCI DSS on a modest budget.

Customer data security challenges for online merchants

• PCI DSS compliance is perceived as being a complex and costly process that involves high-priced external PCI auditors and expensive database security and encryption technologies.

• PCI DSS compliance can no longer be ignored. Visa stiffened merchant risk management requirements following events like the TJX data breach in June 2007, ordering compliance by September 30, 2007 or fines of up to $25,000 / month.
 

If you process fewer than 1,000,000 Visa e-commerce transactions per year, you can comply with PCI DSS through a PCI self-assessment process.

Product benefits

  • Quick startup: Get started using the ready-to-go PCI DSS self-assessment template.
  • User-friendly: Based on the PTA (Practical Threat Analysis) Professional Windows application.
  • Join a community: Join a global community of over 10,000 PTA Professional users like you.
  • Business impact analysis: Enables you to calculate your risk profile and choose controls in dollar values.

  • What if analysis: The built-in database enables you to easily change your PCI threat model as the business evolves and control security costs.

  • Flexible reports: Produces management-level reports of risk profile at any time with a click of a mouse-button.

  • Saves you money: The "optimized risk mitigation plan" report shows you the most cost-effective security controls and their order of implementation. It helps you stay focused on spending money according to your business priorities and negotiate the best deals with your vendors, and can save up to 80% of the cost of security implementation.

  • Faster, easier, more robust, and a lot more fun than with an Excel spreadsheet.

Get it now

Get a free 30-day, fully-functional version of the OWL Risk Management Consulting PCI DSS self-assessment package:
  
The ORMC PCI DSS self-assessment is licensed under the Creative Commons Attribution License.

PCI DSS self-assessment package - Step by Step

The PCI DSS template contains all of the PCI DSS controls pre-mapped to merchant vulnerabilities. For example, Section 5 - "Systems may be affected by viruses and malware" maps to the vulnerability "Malicious viruses can enter the network e.g. via employees e-mail activities". The corresponding countermeasures to the vulnerability are "5.1 Deploy anti-virus software on all systems commonly affected by viruses" and "5.2 Ensure that all anti-virus mechanisms are current and actively running".

Extract the PTA PCI 1.1 zip file into a dedicated folder. The zip contains the PCI DSS template for PTA Professional and attached documentation in MS Word format.

Step 0 - After you've installed the application, start PTA by clicking on the desktop icon.

Step 1 - Open "PCI_DSS_1.1_Base_Model.thm" and use the template as your baseline. Before you exit, don't forget to save the model under a new name.

Step 2 - Enter dollar values for your assets.

Step 3 - Enter dollar value costs for countermeasures. You will have your own estimates of how much a particular control or security policy should cost; if you're not sure, feel free to contact us at any time.

Step 4 - Run the "Optimized Risk Mitigation Plan" report.
Congratulations! You have just built a cost-justified plan of controls compliant with PCI DSS 1.1.

Step 5 - Refine the model. Return to the model periodically and test the effectiveness of your risk mitigation program.



Contact Us       
__________________________________
Toll-free: 1-866-579-7475
Fax: 1-919-776-2740
Email: info@owlrisk.com