Figure 2 (timeline; recoverable labels: Gap Assessment, 3 weeks; Deploy, varies)
Network Devices
Number of Routers Touched: 1,039
Number of Switches Touched: 3
Number of Wireless Access Points Touched: 89
Number of WLCs Touched: 2
Number of Firewalls Touched: 6
Number of Content Switches Touched: 2
Number of Modems Touched: 1,200
Number of VPN Concentrators Touched: 2
Number of Devices - NTP Configuration: 1,320

Policy, Procedures, Standards
Number of Policies Created: 11
Number of Policies Modified: 2
Number of Procedures Created: 21
Number of Procedures Modified: 0
Number of Policies Phased out: 1
Number of Standards Created: 31

Others
Number of Stores Touched: 1,824
Number of Runbooks Created: 10
Number of User Accounts Cleaned: 37,000
Number of New Service Implementations: 7
Number of Service Implementations - Modifications: 1
Number of VA & PenTest Remediations Performed: (149, 6)
Number of Business Justifications Docs Created: 3
Number of People taken Security Awareness Training: 885
Number of RFCs Created: 282
Number of Anti-Virus Upgrades: 1,718
Number of Critical Security Patches Applied: 300 devices
Number of Stores - Hardware Encryption: 1,110
Number of Stores MPLS to Broadband Conversion: 16
Number of New Vendor Contracts Created: 1
Number of Vendor Contracts Modified: 8
Number Scope Reduction Work Streams: 7
Number Scope Increase Activities: 4

Figure 3
Figure 6 (on page 6) highlights program tracking across the key conceptual areas within our framework, covering each of the 12 requirements defined by PCI DSS.

The client was pleased with the results, noting that the engagement used realistic and achievable timelines where milestones, deliverables and resources were continuously fine-tuned to keep key activities on track. In fact, the CIO later told us: "We were on schedule and under budget by $500K. It was an amazing achievement for the entire team."

and global payment brands. Carrying out these three steps is an ongoing process for continuous compliance with the PCI DSS requirements. These steps also enable vigilant assurance of payment card data safety.

PCI DSS 2.0 Requirements

PCI DSS version 2.0 is the global data security standard that any business of any size must follow to accept payment cards, and to store, process and/or transmit cardholder data. It presents common-sense steps that mirror best security practices.
Figure 4 (chart; recoverable labels: In Place, Assessments; data label 247)
including PCs and laptops that access critical systems and storage mechanisms for paper receipts, etc. Check the versions of personal identification number (PIN) entry terminals and software applications used for payment card transactions and processing to ensure they have passed PCI compliance validation.

Note: Your liability for PCI compliance also extends to third parties involved with your process flow; therefore, your organization must also confirm that partner processes are compliant. Comprehensive assessment is a vital part of understanding what elements may be vulnerable to security exploitations and where to direct remediation.

Self-assessment questionnaire (SAQ): The SAQ is a validation tool for merchants and service providers that are not required to do on-site assessments for PCI DSS compliance. Four SAQs are specified for various situations.

Qualified assessors: The PCI Security Standards Council (PCI SSC) provides programs for two kinds of independent experts to help with your PCI assessment: Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). QSAs have trained personnel and processes to assess and prove compliance with the PCI DSS. ASVs provide commercial software tools to perform vulnerability scans for your systems. Visit https://www.pcisecuritystandards.org/approved_companies_providers/index.php for details and links to qualified assessors.
Figure 5 (bar chart by PCI DSS requirement, axis 0% to 100%; requirement total in parentheses, followed by the segment counts)
Req12 (40): 40
Req11 (24): 2, 22
Req10 (29): 1, 28
Req9 (28): 28
Req8 (32): 10, 22
Req3 (34): 23, 11
Req2 (24): 1, 23
Req1 (25): 25
Figure 6
About Cognizant
Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing
services, dedicated to helping the world's leading companies build stronger businesses. Headquartered in
Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry
and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50
delivery centers worldwide and approximately 156,700 employees as of December 31, 2012, Cognizant is a member of
the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing
and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.
Copyright 2013, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is
subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.