PCI DSS & GDPR
PCI DSS SERVICE OVERVIEW
PCI DSS is a set of security standards for payment cards. Under PCI DSS version 2, companies are required to regularly test their security systems and processes.
Lateral Security offers auditing and certification services and uses the latest Qualys PCI certified scanning and testing tools.
Lateral Security can help you to meet the following PCI DSS requirements:
- PCI DSS requirement 11.1 - testing for the presence of wireless access points and detecting unauthorised wireless access points (quarterly)
- PCI DSS requirement 11.2 - internal and external vulnerability scanning (quarterly)
- PCI DSS requirement 11.3 - external and internal penetration testing (annually and after any significant infrastructure or application upgrade or modification)
Lateral Security can also assist with:
- Security policy development to fully comply with PCI DSS
- Auditing against PCI DSS
- ISO 27001 and 17799 (27002)
- NZISM and PSR (for government)
- GDPR (see below for more information)
GDPR SERVICE OVERVIEW
If your organisation processes the personal data of European Union (EU) subjects, or offers goods or services to those EU subjects (including monitoring their behaviour), then the General Data Protection Regulation (GDPR) probably applies.
Lateral Security is able to advise you on how you can achieve compliance with the GDPR. We are able to work with existing Information Management providers in your organisation, or provide the skills and knowledge to build a new, robust security assurance programme that meets the requirements of GDPR. Talk to us today for more information and advice.
Compliance with GDPR also comes from ensuring security (and therefore privacy) by design during the development and build phases, applying the principle of least privilege, and removing unneeded data to reduce the amount of data that could be disclosed.
Compliance failure can be costly, with fines of up to 4% of your organisation's global annual turnover or €20 million, whichever is greater.
Lateral Security can help with GDPR compliance as GDPR mandates good Information Management and Information Security practices:
- Understanding the data you hold (for example a comprehensive Privacy Impact Assessment or data holdings review)
- Assessing risks associated with the data you hold (for example conduct a Security Risk Analysis)
- Designing and implementing effective security controls (for example encryption, policies and procedures, penetration testing)
- Having effective incident management guidelines, response plans and recovery procedures
- Conducting on-going reviews and assessments of the security risks and control effectiveness (for example a security assurance programme)
Department of Internal Affairs (All of Government Certified Services & Common Capability ICT): ICT-SRS Panel (CCPSA-SRS)
- Information Security Risk Management and Assessment
- Information Security Governance and Strategy
- Information Security Assurance
- Source Code and Application Review and Technical Testing
- ICT Forensics, Investigation and Security Incident Response
Get in touch for more information about how we can help.