|
|
||||
|
Payment Card Industry - Data Security Standard (PCI-DSS) Evaluation |
||||
|
Tess Professional Security Engagement Services provides Certified Information Security Professionals (CISSPs) who are trained evaluators in National Security Agency (NSA), Information Security (INFOSEC) Assessment Methodology (IAM) and Network Security Evaluation (IEM) to perform PCI Security Standard evaluation. These two additional certifications to the CISSP demonstrate security professionals knowledge, experience, skills, and abilities in performing PCI-DSS security evaluation. The PCI-DSS security requirements apply to all "system components" which is defined as any network component, server, or application included in, or connected to, the cardholder data environment. Network components, include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, Web, database, authentication, Domain Name Service (DNS), mail, proxy, and Network Time Protocol (NTP). Applications include all purchased and custom applications, including internal and external (Web) applications. Tess professionals provide the expertise to assist corporate managers in the assessment of the vulnerabilities and risks of systems, applications, networks and sites as a minimum in order to develop and implement cost-effective security measures in the mitigation of PCI-DSS risks. The following 6 major areas and 12 security requirements comprise of the PCI-DSS security evaluation as of 2005:
|
|
|||
