PCI DSS
Consulting

Cornerstone Of Cyber Security
For Cardholder Data

Consulting – In The CyRe-sphere

Guiding Organization Footsteps To Achieve Compliance

A leading (Payment Card Industry Data Security Standard) PCI-DSS Consulting Service provider, we’re the go-to partner for companies accepting, managing, saving, or sharing credit card information. We have an excellent track record of helping companies achieve this compliance within the Card Scheme mandated or regulator-prescribed deadlines.

At Green Method, the extra mile of effort we take has ensured success for companies embarking on their first compliance journey. It’s a complex process with several process-requirements, and we are adept at streamlining all change-implementations.

Resolution On The Horizon Is Structured PCI Consulting Program

Streamlining PCI-DSS Consulting calls for a structured program and approach to PCI. At Green Method, we deliver this through phases, in manageable capsules - a structured and realistic process, customized to fit an organization’s culture and internal operations.

Our team addresses this by ensuring that your processes, technology, and people are aligned to the goal (PCI Compliance) and achieve the necessary PCI security requirements.

Challenges On The Way Of PCI-DSS Readiness

Any entity handling cardholder data, or even supporting other entities managing the same, needs to be compliant with PCI-DSS (Payment Card Industry Data Security Standard). But, if your organization needs to be PCI Compliant and/or Certified, where do you start? What's the process? Are there any assessments involved?

PCI-DCC compliance is complex and comprehensive, but it doesn't need to be a daunting process.

Method At Green Method

From Assessment To Audit – Process Perfected

Our Project team of experts includes QSAs, Information Security Process Experts, Network Security Experts, and Application Security experts. Managed by proven and qualified Project Management professionals, they engage and provide the best cost-effective solution.

Method At Green Method

From Assessment To Audit – Process Perfected

CyRe-sphere Means A Differentiated PCI

Pillars Of Proven Compliance Consulting

We simplify PCI-DSS Consulting for organizations, efficiently managing their PCI Compliance process as a complete project.
A quick win Methodology that helps organizations to swiftly achieve PCI-DSS compliance objective.
We deliver Enterprise PCI Programs through a structured approach that aligns technology, process, and people to meet and exceed the challenging PCI Security Requirements.
Our team has expertise in managing and delivering PCI Compliance programs for some of the most challenging business environments.

PCI-DSS Knowledge Hub

Answers To Help You Understand PCI Compliances

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store, or transmit credit card information maintain a secure environment. The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data.

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006, to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. However, it is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

What are the PCI compliance ‘levels’ and how are they determined?

All merchants will fall into one of the four merchant levels, based on Visa transaction volume over 12 months. Transaction volume is based on the aggregate number of Visa transactions from a merchant Doing Business As (‘DBA’). In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed, or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process, or transmit cardholder data on behalf of multiple DBAs, acquirers will continue to consider the DBA’s individual transaction volume, to determine the validation level.

Avoid The Process Pitfalls Of
PCI Compliance

1. Overview

Understanding Mobile Platform Architecture
IOS Security Perspective
Android Security Perspective
Application Security Concepts and Overview
Typical Mobile Attacks and Case Studies
Developing Mobile Security Policy – In line with company security policy
Mobile App Security vs Web App Security
Mobile Stack – Security Perspective
Mobile Library – Security Perspective
Mobile Application Framework – Security Perspective
Mobile Application Layer – Security perspective
Developing Secure Mobile Apps

2. Authentication

Application Signing
File System Access – Security Perspective
Web Services Authentication
Session Management on Android
Authentication Best Practices
Authorization
Web Services Authentication
Session Management on Android
Authentication Best Practices

3. Encryption and Data Protection

Encryption Overview – Security Practices
Protecting Data at Rest
Protecting Data in transit
Web Services Encryption Best Practices
Message Authentication and Non-Repudiation
Data Privacy Issues and Concern

4. Secure Coding

Protecting against Web Services Attacks – SQL Injection, XSS
Protecting against File Inclusion Vulnerabilities
Error and Exception Management
API Level Security

5. Logging

Logging Practices – Device Logging
Centralized Logging Practices

6. BYOD and Device Administration

BYOD and Device Administration – Need and Overview
Device Admin API Coverage

7. Malware and Malware Prevention

Malware and Android
Malware – Typical Malware
Typical Malware Behavior and Characteristics
Credit card Skimmer example
Malware Prevention Practices for Apps

8. Certification Exam

C-MASP program contains hands-on interactive sessions. The trainees attending these two programs are therefore required to bring their laptops to these programs. At no point during the program would it be required for the laptop to be connected to the internet.

1. Introduction to Web Application Security

Understanding the need for Web Application Security and its challenges faced by modern enterprises, previous security incidents, high profile hacks, etc.

2. Basic Concepts of Information Security

Information Security Concepts that form the bedrock of the understanding of Web Application Security.

3. Significant Web Application Breaches

An exploration of significant attacks against web applications with a Real-life Case Study.

4. Risk Assessment and Threat Profiling Modeling

Unique Risk Assessment and Threat Profiling Modeling Technique for Web Application Security from CTO’s book “Secure Java for Web Application Development”.

Web Application Risk Assessment
Exploring methods to perform Risk Assessment for Web Applications

5. Compliance Requirements for web Application Security

Specific compliance requirements and their scope on Web Application Security.

6. OWASP Top 1

OWASP Top 10 Vulnerabilities, Testing Techniques, and Mitigation Techniques.

7. Integrating Security into Application

Integrating Security into the Application Development Lifecycle (Secure SDLC).

8. Secure Coding Guidelines

Preventing against common Web Application Vulnerabilities and Penetration Techniques.

9. Web Application Security for Specific Frameworks

Web Application Security for Specific Frameworks etc.
Web Application Threat Analysis and Threat Modeling.
Identifying Threat Models for Web Application and Integrating Security into the SDLC.
Hands-on Session
Hands-on Lab Session on major topics.
Certification Exam
C-WASP program contains hands-on interactive sessions. The trainees attending these two programs are therefore required to bring their laptops to these programs. At no point during the program would it be required for the laptop to be connected to the internet.

1. Information Security An Overview

Defining Information Security and Risk
Understanding Threats, Vulnerabilities, and their Interplay
Understanding Security Risk in Depth
Workshop exercises and Case Studies

2. Information Security Compliance

Importance of Risk Management for Compliance
Linking the Risk Treatment Plan to the
Compliance Framework Compliance Standards around the world – An Overview
The ISO-27001:2005 Standard and Implementation Framework
Success Factors – ISO-27001
Management Commitment to Security
Measurement of Effectiveness of Controls
Information Security Policies and Procedures
Security Management – Organization Structure

3. Incident Response and Incident Management

Designing a Comprehensive and Proactive Incident Management Framework
Identifying Incidents
Performing Root Cause Analysis
Incident Response and Closure
Learnings from Incidents and Corrective Action
Workshop Exercises

4. Enterprise Risk Management Framework

Risk Management Practices
Risk Assessment
Risk assessment methodology
Risk approaches
Threat Profiling
Threat Modeling
Calculating risk Authentication vs. Authorization
Data classification
Vulnerabilities
Defense-in-depth
Computer security policies
Policies, Procedures, and Working Guidelines
Workshop Exercise on Risk Assessment and Risk Management

5. Business Continuity and Disaster Recovery

Policies and Procedures – Information Security
Roles and responsibilities
Contingency and Business continuity planning
Legal and regulatory requirements
Disaster recovery strategy and plan
Business impact analysis
Incident Reporting and Handling

Part 2

INFORMATION SECURITY PARADIGMS

1. Network Security

Introduction to Networks – The OSI Model and TCP/IP Stack
IP Addressing and CIDR Block Information
Protocol Exploration – Perspectives of popular network protocols
Routers and Switches – Concept Focus
Firewalls – Concept Focus
Intrusion Detection and Prevention Systems
Network Security Documentation
Introduction to Network Change Control
Network Security Attacks today
Hands On Exercises

2. Host and OS Security

Operating Systems – Organization
Windows
Unix/Linux Flavors
File System Organization
Specific Technology Areas – Windows and Unix
Operating System – Access Control (Technology and Frameworks)
Operating Systems Services Security
Operating System Cryptographic Concepts
Operating System – Logging and File Integrity Monitoring Practices
How to perform an effective Operating System Security Assessment
Hands On Exercises

3. Application Security

Web Application Security Challenges and Principles
Web Application Attacks and Defense Strategies:
Web Application Security Program Management
Designing Secure Web Application
Web Application Security Best Practices
Web Application Security Assessment
Hands On Exercises

PCI DSS Consulting

Cornerstone Of Cyber Security For Cardholder Data

Consulting – In The CyRe-sphere

Guiding Organization Footsteps To Achieve Compliance

Resolution On The Horizon Is Structured PCI Consulting Program

Challenges On The Way Of PCI-DSS Readiness

Method At Green Method

From Assessment To Audit – Process Perfected

Method At Green Method

From Assessment To Audit – Process Perfected

CyRe-sphere Means A Differentiated PCI

Pillars Of Proven Compliance Consulting

PCI-DSS Knowledge Hub

Answers To Help You Understand PCI Compliances

What is PCI?

What are the PCI compliance ‘levels’ and how are they determined?

Avoid The Process Pitfalls Of PCI Compliance

Quick Links

Headquarter – UAE

.

Agenda – Day 1

Session 1

Session 2

Agenda – Day 2

Session 1

Session 2

Part 2

INFORMATION SECURITY PARADIGMS

1. Network Security

2. Host and OS Security

3. Application Security

Part 1

AN INTRODUCTION TO THE WORLD OF INFORMATION SECURITY

1. Evolution of Information Security

2. Glimpses into Enterprise Security

3. Risk Management Essentials

Part 3

ENTERPRISE SECURITY TRACK

PCI DSS
Consulting

Cornerstone Of Cyber Security
For Cardholder Data

Avoid The Process Pitfalls Of
PCI Compliance