Comprehensive PCI Services
TrustedSec is a Qualified Security Assessor Company (QSAC) through the PCI SSC. TrustedSec employs many QSAs, some of whom have been in place since the PCI SSC began the program nearly 20 years ago. TrustedSec QSAs will recognize and suggest the best options available, from PCI Readiness Assessment to PCI SAQ Assistance and issuance of a PCI DSS Report on Compliance (ROC).
Scoping and Gap Assessments
As the first steps in ensuring PCI compliance, scoping and gap assessments include having the appropriate people, processes, and technical controls aligned to an organization’s compliance scope. Whether the organization is new to PCI or is already compliant but new to the latest DSS version 4, TrustedSec is able to help.
SAQ Assistance
Depending on transaction levels, merchants and service providers may be able to report compliance with a Self-Assessment Questionnaire (SAQ). Depending on the in-scope payment channels, an organization may be able to test fewer controls than the full SAQ type D and the entire DSS. While completing an SAQ report can help reduce the cost and burden of reporting PCI compliance, all in-scope requirements must be verified as in place. TrustedSec can help reduce the organization's burden in verifying compliance and provide independent attestation that compliant operations are in place.
PCI ROC Assessment
The PCI ROC Assessment is a formal assessment performed by a PCI QSA. It includes on-site interviews with subject-matter experts, review of documentation and evidence, and samples of key systems to ensure that controls are in place. At the end of the engagement, two (2) artifacts will be produced reflecting the compliance status of the payment processing or supporting environment, including a ROC and an Attestation of Compliance (AOC).
PCI ASV Vulnerability Scans
For vulnerability scanning requirements needing an Approved Scanning Vendor (ASV), TrustedSec offers these PCI services. Compliant ASV scan reports identify known vulnerabilities at least every 3 months.
PCI Penetration Testing
PCI Penetration Testing employs blended threat scenarios to test the effectiveness of your cardholder environment as required by the Payment Card Industry Data Security Standard (PCI DSS).
PCI Implementation Guidance
Every organization has unique challenges, is in a different place, and needs to approach solutions at a different pace. By utilizing TrustedSec's resources, a constant measure of guidance can be shared over time.
“Having access to industry leaders right here at TrustedSec makes solving our clients' challenges easier.”Paul SemsManaging Director of Remediation Services
Paul Sems
Managing Director of Remediation ServicesPaul and his team work with clients to harden their environments against attacks and help them recover after security incidents.
The Value of Compliance: Minimizing the Impact of PCI DSS 4.0
Get practical advice and resources to help your business navigate the road ahead from our expert speaker, Chris Camejo, Compliance Services practice lead and a…
PCI Dream Team: PCI 4.0 and New Book Release
Coop
GRC in an AI World - Staying in the Fast Lane Without Losing the Race!
Artificial Intelligence (AI) is the new buzz word on the streets. It’s becoming “the best thing since sliced bread” in the IT world and is being used by…
Introduction to MITRE Mapping - Cloud, On-Prem, and Active Testing Techniques
Whether you're just getting started with MITRE ATT&CK® or looking for ways to improve your tactics, this session will give you practical knowledge to…
The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the End of Opaque Defense
Everyone is talking about LLMs finding zero days. That is not the only story. The story is what happens when you point these models at the defensive tools…
ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relay
TL;DR - If you have WriteGPLink on an Active Directory Organizational Unit (OU) and you’re on the same network segment as a computer within that OU, you can…
Kerberos with Titanis
In this article, I’ll walk you through the basics of Kerberos, how to use Titanis for the different parts, and how to mitigate some problems.Titanis SetupI use…
Mythos, Memory Loss, and the Part InfoSec Keeps Missing
InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like…
Dungeons and Daemons
Play Roll for Initiative. Hack the Planet.Dungeons & Daemons is a cybersecurity RPG that drops you into the boots of a Red Team operator on a live…
You Had Us at the First Alert: A Guide to Finding Frequently Missed Detections
Join us for this webinar to get a clearer picture of where your detection coverage has blind spots and a practical roadmap for closing them before a real…