Customer data security on a budget
The Open Solutions PCI DSS Self-assessment package is designed specifically for small to medium-sized online merchants that seek to improve
their payment card security and comply with PCI DSS on a modest budget.
Customer data security challenges for online merchants
- PCI DSS compliance is perceived as being a complex and costly process that
involves high-priced external PCI auditors and expensive database security and encryption technologies.
- PCI DSS compliance can no longer be ignored. Visa stiffened merchant risk management requirements following events like the TJX data breach in June 2007,
ordering compliance by September 30, 2007 or fines of up to $25,000 / month.
If you process fewer than 1,000,000 Visa e-commerce transactions per year you can comply with PCI DSS
with a PCI self-assessment process.
Product benefits
- Quick-startup: Get started in 15 minutes using the ready-to-go PCI DSS self-assessment template.
- User-friendly: Based on the PTA (Practical Threat Analysis) Professional Windows application
- Join a community: Join a global community of over 10,000 PTA Professional users like you
- Business impact analysis: Enables you to calculate your risk profile and choose controls in dollar values.
- What if analysis: The built-in database enables you to easily change your PCI threat model as the business evolves
and control security costs.
- Flexible reports: Produces management-level reports of risk profile at any time with a click of a mouse-button.
- Saves you money: The "optimized risk mitigation plan" report shows you the most cost-effective
security controls and their order of implementation.
Helps you stay focussed on spending money according to your business priorities and negotiate the best deals with your vendors -
can save up to 80% of the cost of security implementation.
- Faster, easier, robust, and a lot more fun than with an Excel spreadsheet.
Get it now
Get a free 30-day, fully-functional version of the Open Solutions PCI DSS self-assessment package:
Open Solutions PCI DSS self-assessment is licensed under the
Creative Commons Attribution License.
PCI DSS self-assessment package - Step by Step
The PCI DSS template contains all of the PCI DSS controls pre-mapped to merchant vulnerabilities. For example, Section 5 - "Systems may be affected by viruses and malware" maps to the vulnerability "Malicious viruses can enter the network e.g. via employees e-mail activities". The corresponding countermeasures to the vulnerability are "5.1 Deploy anti-virus software on all systems commonly affected by viruses" and "5.2 Ensure that all anti-virus mechanisms are current and actively running".
Extract the
PTA PCI 1.1 zip file into a dedicated folder. The zip contains the PCI DSS template for PTA Professional and attached documentation
in MS Word format.
- Step 0 - After you've installed the application, fire up PTA by clicking on the desktop icon
- Step 1 - Open the "PCI_DSS_1.1_Base_Model.thm" and get started using the template as your baseline; before you exit, don't forget to save the model under a new name...
- Step 2 - Enter dollar values for your assets
- Step 3 - Enter dollar value costs for countermeasures. You will have your own estimates of how much a particular control or security policy should cost;
if you're not sure, feel free to contact us at any time.
- Step 4 - Run the "Optimized Risk Mitigation Plan" report.
Congratulations! You have just built a cost-justified plan of controls compliant with PCI DSS 1.1.
- Step 5 - Refine the model. Return to the model periodically and test effectiveness of your risk mitigation program.