Compliance Advisory


Security compliance is a legal concern for organizations in many industries today. Regulatory standards like PCI DSS, HIPAA, and ISO 27001 prescribe recommendations for protecting data and improving information security management in the enterprise.

ISO 27001

ISO 27001 is a structured set of guidelines and specifications that assists organizations in developing their own information security framework.

ISO 27001 suggests development and implementation of a structured Information Security Management System (ISMS), which governs the security implementation and monitoring in an enterprise. The standard is designed to serve as a single 'reference point for identifying the range of controls needed for most situations where information systems are used'.


Gap Assessment

Implementation

Remediation Support

Report Submission

Our Approach

We adopt a five-step methodology to manage the ISO 27001 implementation.

Step I: Understanding Business Functions

The purpose of this phase is to provide the initial planning and preparation for the assignment.

Step II: Data Acquisition

The purpose of this phase is to collect all relevant data pertaining to the scoped area. This is probably the most crucial phase, since it involves meeting the stakeholders and understanding their concerns.

Step III: Risk Assessment

Tensecure's risk assessment methodology is a multi-fold activity comprising assigning values to the identified critical information assets, threat assessment, a Vulnerability Assessment & Penetration Testing exercise, and gap analysis.

Step IV: Design & Build

The purpose of this stage is to develop detailed and functional IT security policies and procedures for the client in line with ISO 27001.

Step V: Action Plan

The main purpose of this stage is to provide the client with a Security Improvement Program which would help the client to have a continuous improvement as well as to get ISO 27001 certification.

PCI DSS

PCI DSS version 3.2.1 comprises six control objectives, each containing one or more requirements. In all, there are 12 specific requirements under these control objectives. The verification and reporting process may vary depending on the level of the merchant or service provider. An organization is also expected to identify its category or type in order to determine which requirements apply to it.

Gap Assessment

Implementation

Remediation Support

Report Submission

Our Approach

Tensecure helps organizations meet all the requirements with the help of its robust consulting methodology. We ensure that these requirements are met through these 6 steps:

Step I: Build & Maintain A Secure Network

Installing, configuring, and providing guidance on maintaining firewalls, intrusion detection and prevention systems, anti-virus and anti-spyware solutions.

Step II: Protect Card Holder Data

Identifying the storage, transit channel, transit method, archival and retrieval of credit card data and securing the same. Identifying and implementing the appropriate controls at each data interface and data container.

Step III: Maintain A Vulnerability Management Program

Conduct regular vulnerability identification, assessment and reporting exercises with fix implementation.

Step IV: Implement Strong Access Control Measures

Identify all logical and physical access points and ensure the access controls are present as per the requirement of the standard.

Step V: Regularly Monitor & Test Networks

Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes.

Step VI: Maintain An Information Security Policy

Draft and maintain a well-defined information security policy that addresses all the pre-requisites of the standard.