Loading...

Managed IT & Cloud for Financial Services

Managed IT & Cloud for Financial Services2017-12-18T19:31:16+00:00

Project Description

Managed IT for Financial Services Industry

For mortgage companies, insurance providers, software vendors, banks and more, the challenge of managing, processing, and securing a virtually endless array of complex information is growing by the second. Sequentur’s expertise turns your operation into an optimized machine.

Compliance

Stability

PCI/DSS Solutions

The Main Components of a PCI/DSS Solution

  • Firewalls
  • Configuration Standards
  • Protect Stored Cardholder Data in Transmission
  • Antivirus and Malware
  • Secure Applications
  • Access Control and User IDs
  • Physical Security
  • Logging and Monitoring
  • Vulnerability Management
  • Policies and Procedures

PCI/DSS Compliance

Data breach of important card information has become more and more common; as we hear about this issue regularly on the news and in mainstream media. This results in loss of reputation and customers for the business directly, regulatory notification requirements, possible financial liabilities, and even litigation.

Since mandatory introduction of PCI-DSS version 3 on Jan 1, 2015, the following control objectives are now required:


Build and maintain a secure network
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy

A main component of PCI DSS compliance that is often overlooked

is employee usage of computers to access email and browse the web. This includes manager PC’s that are used to complete work related tasks; but simultaneously can be used for personal reasons as well. Vulnerabilities are often introduced through employee email and web browsing and unsecured wireless access points.

It is necessary to have a fully implemented network segmentation, updated security patches, and necessary monitoring (through log reviews, intrusion detection/prevention, and quarterly vulnerability scans). It is also necessary to remove unnecessary services when setting up a system to prevent compliance issues.