Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients




Network Test Labs Inc.
Head Office: 170 422 Richards Street, Vancouver BC, V6B 2Z4
E-mail: info@networktestlabs.com
Website: www.networktestlabs.com
Promo Code: NTLSA2014
Prepared for New Clients Only. Tuesday, 11 March 2014.
NTL Network Test Labs Incorporated. Initially published and distributed on Tuesday, 11 March 2014.

Table of Contents
1. Introduction
1.1 Purpose and Scope
1.2 Service Descriptions and Options
1.3 Methodology
1.4 NTL's Responsibilities
1.5 Customer's Responsibilities
2. How Network Test Labs Inc. Can Help

1. Introduction

Network Test Labs Inc. (NTL) Security Assessment service is designed for customers who are seeking to assess their IT security posture, minimize their vulnerability and reduce their security-related risks. This service evaluates the customers' existing network infrastructures and environments from a security perspective to identify security issues that may impact or threaten the customers' networks, missions and users. NTL's Security Assessment service also provides customers with valuable recommendations to close security gaps and help ensure the availability, confidentiality and integrity of the IT network and data.

NTL's Security Assessment service is available for customers with either public or private networks, or a combination thereof:
- Private (wired, 802.11x wireless)
- Public (wired and cellular)

1.1 Purpose and Scope

The purpose of the assessment is to uncover any vulnerabilities or security weaknesses, and to discuss these findings and mitigation advice with our customers.

The threat analysis identifies the consequences/impact of the potential threats and provides an evaluation of the likelihood of occurrence. The threat analysis will consider threats that exist within the current client network service infrastructure environment.

NTL will determine the current level of vulnerabilities and exploitable weaknesses, based on interviews, analysis and known vulnerabilities in the current client network service infrastructure.

Based on the threats and vulnerabilities identified, NTL will construct a series of Threat Scenarios indicating which assets are most vulnerable and the potential consequences, and will perform a Risk Assessment to measure the various threat scenarios against the likelihood of occurrence and the potential consequences, indicating whether existing safeguards are satisfactory or require improvement.

This assessment will include the following steps:
- Assess all risks identified and document whether they pose a risk to the in-scope assets from a security perspective,
- Determine and document what impact the client may incur from an IT security perspective if a critical system asset were to be compromised, and
- Determine and document whether existing IT security safeguards are adequate to minimize threats and risks associated with the critical system assets.

The final report will include all findings and vulnerabilities, along with suggested mitigations.

1.2 Service Descriptions and Options

The Security Assessment services are available with the following options. Option A includes up to 25 IP addresses for the SANS Top 20 scan (plus discovery, intrusive and non-intrusive) and up to 25 IP addresses for the full scan.

Service Descriptions:
- SANS Top 20 IP Addresses Scanned (plus Discovery, Intrusive & Non-Intrusive): Option A, up to 25 IP
- Full Scan IP Addresses: Option A, up to 25 IP
- Critical Hosts Scanned
- Edge Router Configuration Review
- Penetration Testing
- Web Application Security Assessment
- Wireless Security Assessment
- Secure Source Code Review
- Operating System Security Benchmark
- Database Security Benchmark
- Firewall Policy Review
- Security Policy Review
- Physical Security Review

1.3 Methodology

NTL will use the best practices delineated in:
- ISO:2002 standard security policy
- ITSG-33 IT Security
- OWASP
- OSSTMM

1.4 NTL's Responsibilities

1. Overall Scope. As part of each Security Assessment service, NTL's ISS team will:
   a. Review policies and procedures related to network security.
   b. Identify and map network topology and method of system interconnect.
   c. Collect network security scans.
   d. Analyze data collected.
   e. Provide suggestions for enhanced network security and efficiency.
   f. Provide recommendations and remediation strategies for closing security gaps.
   g. Prepare a final report detailing findings and impacts to the business and mission.
   h. Deliver a live Executive Summary presentation of detailed findings and gap closure recommendations.

2. Project Management. NTL's ISS team will designate a point of contact (POC) and, as part of the pre-site stage, coordinate logistics and scheduling with the customer's POC for performing the service.

3. Statement of Work. Prior to beginning the engagement, NTL will prepare and deliver a Statement of Work (SOW), including a service project schedule, for the purchased Security Assessment service, which will provide detailed information about the services to be performed as part of the project.

4. Service Process. An NTL ISS engineer will complete the following process for each service option level and tier, at the price to be paid by the customer for such services:
   a. Conduct an offsite assessment overview with key customer and NTL stakeholders:
      - Gather network definition data, network topology and applicable documents
      - Discuss potential security impacts
      - Review existing security policies and procedures
      - Review any existing security audit reports
   b. Arrive on site to gather additional information:
      - Interview customer personnel
      - Collect existing documentation
      - Perform security vulnerability scans of the network
      - Evaluate system firewalls
   c. Complete an off-site data assessment:
      - Perform a comprehensive security threat analysis
      - Analyze security policies
      - Prepare security assessment deliverables, i.e. an executive summary and a detailed, formal written technical report
   d. Conduct an on-site security assessment report presentation:
      - Review assessment findings in a workshop format
      - Provide deliverables
      - Plan follow-up Q&A session activities to take place within the following two (2) weeks

5. Final Report. NTL will provide a formal written report and a live executive summary presentation detailing the findings and recommendations.

1.5 Customer's Responsibilities

1. Project Management. Customer must designate a POC who will coordinate logistics, schedules and technical information with the NTL POC.

2. Technical POC. Customer must designate a technical POC who is trained and knowledgeable of the project to work with the NTL ISS engineer and answer any technical or business process questions.

3. Confirmation of Scope. Customer will receive and must acknowledge in writing the Security Assessment service's SOW and Terms and Conditions (also referred to herein as the Security Assessment Agreement) provided by NTL in advance of ordering this service.

4. Access to Resources. Customer must provide appropriate access to the physical site, applicable documents and personnel to enable NTL to perform the service. Customer is responsible for all fees incurred, including labour costs and any customer-contracted third-party services, to provide such access.

5. Access to Network and Security Information. Customer must provide NTL with network topology diagrams and documented security policies and procedures for the current network and planned network architecture. Customer must also provide NTL with specific information pertaining to the IT hardware and software to which the system is connected or with which the system is otherwise interfacing.

6. Network Access. Customer must provide network access to enable NTL to connect testing and monitoring tools.

7. Assessment Project Support. Customer must complete any and all tasks assigned by NTL as part of the service engagement in a timely manner, in keeping with the overall engagement schedule.

8. Safety. Customer must provide any site safety rules to NTL in advance of the engagement.

9. Administrative Resources. Customer must provide office space with customary amenities, including a desk, chair, telephone with voicemail, filing cabinet, access to copy and fax machines, access to mail and e-mail systems, access to a meeting/conference room, parking at or near the facility where the office space is provided, and such other reasonable requirements as identified by NTL. Customer is responsible for all costs associated with the use of these amenities.

10. Results Reporting. Customer must coordinate with NTL to schedule and arrange logistics for the presentation of the final report.

11. Project Closure. Upon NTL's completion of all security assessment project milestones and deliverables, customer must complete and sign NTL's service acceptance certificate, signifying successful completion of all project activities.

2. How Network Test Labs Inc. Can Help

NTL has extensive experience partnering with financial institutions, merchants and service providers nationwide, helping them with their security and compliance requirements. NTL's PCI Compliance Solutions meet the data security standards required for merchants and service providers to achieve PCI compliance by addressing PCI DSS v2.0 Requirements 6.5, 6.6, 11.2 and 11.3 as follows:

- Performing quarterly internal and external vulnerability scans. NTL, in partnership with Clone Systems, is a certified Approved Scanning Vendor (ASV) by the PCI Security Standards Council, authorizing us to help you achieve compliance with the PCI Data Security Standard (DSS). NTL PCI Compliance Services perform independent quarterly ASV vulnerability scans and produce the certified documentation for your records. In addition, NTL helps meet Report on Compliance (ROC) audits through our trusted partner Qualified Security Assessors (QSAs). (Requirement 11.2)

- Using NTL to conduct penetration tests. Use NTL to perform penetration tests either in preparation for the official security assessment or for the audit itself. (Requirements 11.2, 11.3)

- Leveraging NTL's Managed PCI Services to provide the added value of automated quarterly scans, including external vulnerability scanning. Includes up to twelve rescans per quarter at no extra charge, full remediation plans, and eight hours of consulting time with one of our professional security consultants (2 hours per quarter) to review scan results and discuss remediation recommendations, as well as any requested scan and report configuration changes. (Requirement 11.2)

- Performing NTL PCI Compliance Services. Offering the annual internal and external penetration testing services required by PCI DSS, in order to detect deficiencies more quickly and provide detailed recommendations for fixes that would prevent attacks. (Requirement 11.3)

- Performing NTL PCI Gap Analysis. A detailed audit of your networked environment, web application development secure coding policies, physical security control policies, training policies and personnel policies, in addition to guidance on network segmentation to show you how to reduce the scope of your PCI audit and limit your cardholder segment. (Requirement 6.5)

- Performing Web application assessment testing. To identify vulnerabilities based on the OWASP Top 10 vulnerability list, in addition to providing Security Awareness Training, OWASP web development training and CEH/Penetration test training on request. (Requirement 6.6)

- PCI Awareness Training Program. Our PCI DSS course walks learners through the requirements for PCI DSS compliance. Interactive training provides an enriched and enjoyable learning experience. An exam at the end of the course confirms your employees' completion of the material. Reports can be easily generated for your own records or in the event of a PCI audit.

- Providing assistance in completing the appropriate PCI Self-Assessment Questionnaire (SAQ), when required for PCI certification.

3. Payment Card Industry PCI Assurance Services

- PCI ASV Vulnerability Scanning: Quarterly External Assessment
- PCI ASV Vulnerability Scanning: Quarterly Internal Assessment
- PCI Awareness Online Training Program
- PCI Breach Protection Program
- PCI Database Security Assessment
- PCI DSS Gap Assessment Service
- PCI Remediation Service
- PCI Firewall Network Security Assessment
- PCI Penetration Testing Service
- PCI Policy Consulting Service
- PCI Secure Source Code Review
- PCI Systems Configuration and Controls Assurance
- PCI Web Application Assessment Service
- PCI Wireless Security Assessment Service