
PKF Avant Edge

PKF CONTROL CASE


COMPLIANCE AS A SERVICE

PKF Avant Edge Sdn. Bhd.

www.pkfmalaysia.com | www.controlcase.com

CHALLENGES OF PCI

From a recent internal study based on Control Case customer experiences, we identified the following:
a) For first-time certification, the biggest challenge faced is the remediation activities. This is mostly due to an overly large scope and the inability to focus on remedial activities.
b) For yearly maintenance, the biggest challenge faced by our customers is embedding PCI practices in their business as usual.
c) Clients with strong project management can usually navigate through PCI, while most stalled PCI cases are due to a lack of firm project management and stakeholder buy-in.
d) To reduce the complexity of remediation efforts and yearly maintenance, Control Case has created its Compliance as a Service (CAAS) products/services.


COMPLIANCE IN A BOX


IT GRC PORTAL

Centralized dashboard of compliance status:
- Project management
- Certificate-based access restriction
- Evidence collection checklist
- Gap monitoring & closure
- ASV scanning
- Application security scans
- Vulnerability scans
- Policy/procedure review

PCI DSS TRACKER


PROJECT MANAGEMENT AND EVIDENCE LIST

Project Management
- Tracking of project
- KPIs
- Deliverables and milestones
- Documentation and progress
- Onsite PMP-certified consultants to manage projects
- Evidence management and 135 questions
- Based on the Prioritised Approach method

145 EVIDENCE CHECKLIST

One of the biggest issues during remediation is clients not knowing how much effort, money or time is needed, or what needs to be done. With the Control Case Evidence Checklist, we ensure that you have proper milestones and signposts to keep you on the right track; that investments and efforts are not wasted; and that all input into the PCI project is properly used to obtain or maintain compliance. Most companies are burdened by BAU issues and have limited resources for compliance. This way, we can significantly optimise and streamline your compliance efforts.


FIREWALL & ROUTER RULEBASE REVIEW

Covers most of Requirement 1

- Firewall/router rule base review, bi-annually
- Identifies services, protocols and ports that are not necessary for business
- Detects direct connections from the Internet to cardholder data and vice versa
- Detects unauthorized outbound traffic from the cardholder data environment to the Internet


CARD HOLDER DATA SEARCH

Possible assets holding cardholder information are file systems and databases.

- Detects sensitive authentication data such as track data
- Detects credit and debit card numbers
- Identifies the exact location, with the complete path of the file, on the file system
- Provides information such as Database -> Table -> Field name containing card numbers
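Added example, not Control Case or PKF code, of the kind of cardholder-data discovery this slide describes: it walks a directory, reports the file path and line number of Luhn-valid 13 to 19 digit numbers and Track 2 style data, and masks the PAN in its own output so the report does not become cardholder data. The regexes, the sample files and the public test card numbers in them are constructed for the example.

```python
import os
import re
import tempfile

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 2 equivalent data: PAN, '=' separator, expiry (YYMM) + service code + more.
TRACK2_RE = re.compile(r"(?<!\d)\d{13,19}=\d{7,}")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most non-card digit runs (IDs, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(pan: str) -> str:  # first six / last four only (PCI DSS display rule)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_file(path: str) -> list:
    """Return (path, line number, kind, masked PAN) for each hit in one file."""
    findings = []
    with open(path, "r", errors="ignore") as fh:
        for lineno, line in enumerate(fh, 1):
            for m in TRACK2_RE.finditer(line):  # track data first
                pan = m.group(0).split("=")[0]
                if luhn_ok(pan):
                    findings.append((path, lineno, "TRACK2", mask(pan)))
            for m in PAN_RE.finditer(TRACK2_RE.sub(" ", line)):  # then bare PANs
                digits = re.sub(r"[ -]", "", m.group(0))
                if luhn_ok(digits):
                    findings.append((path, lineno, "PAN", mask(digits)))
    return findings

def scan_tree(root: str) -> list:
    """Walk a directory tree and collect findings from every file."""
    return [f for d, _, names in os.walk(root)
            for n in names for f in scan_file(os.path.join(d, n))]

def build_sample_tree() -> str:
    """Constructed sample files (public test card numbers, not real CHD)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "exports"))
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("ticket 1234567890123456 is not a card\nrefund to 4111 1111 1111 1111 done\n")
    with open(os.path.join(root, "exports", "swipe.log"), "w") as fh:
        fh.write("%B5555555555554444^DOE/JOHN^2512101?\n;4111111111111111=2512101?\n")
    return root
```

Running `scan_tree(build_sample_tree())` yields three findings: the spaced Visa test number in notes.txt, the Mastercard test number inside the Track 1 line, and the Track 2 record, while the non-Luhn ticket number is ignored.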


APPLICATION SECURITY TESTING

Prepares for Requirements 6.6 & 11.3.2

- Tests web applications and custom applications for vulnerabilities
- Checks web applications for OWASP Top 10 vulnerabilities


NETWORK VULNERABILITY ASSESSMENT

Prepares for Requirement 11

- Needs to be conducted on a quarterly basis
- Must be run on all internal and external servers and network devices


ASV SCAN

Prepares for Requirement 11.2.2

- Needs to be conducted on a quarterly basis
- Must be performed by a PCI SSC Approved Scanning Vendor


POLICY MANAGEMENT

Prepares for Requirement 12

- Policy approval
- Policy review
- Policy dissemination


SECURITY AWARENESS TRAINING

Prepares for Requirement 12.6

- Educates personnel upon hire and at least annually
- Manages acknowledgements from personnel


RISK ASSESSMENT

Automates Requirement 12.1.2

- To be conducted annually
- Formal risk assessment covering threats and vulnerabilities
- Quantitative risk assessment approach


FILE INTEGRITY MONITORING

Prepares for Requirement 11.5

- Software or SaaS option
- Should be present on all servers covered under the PCI scope
- Capable of verifying integrity on a weekly basis
- Capable of alerting


LOGGING AND MONITORING

Prepares for Requirements 10 and 12.9.3

- Collects logs from various assets
- Capable of reading proprietary logs and converting them to a standard log format
- Capable of analyzing and monitoring logs
- SOC team alerts at various levels based on an escalation matrix


CALENDAR OF COMPLIANCE


DASHBOARD


DASHBOARD


DASHBOARD


FOR MORE INFORMATION

PKF Avant Edge Sdn. Bhd. (892515-W)

Email: stevie@pkfmalaysia.com
Web: http://www.pkfmalaysia.com
Address: Level 33, Menara 1MK, Kompleks 1 Mont Kiara, No.1, Jalan Kiara, Mont Kiara, 50480 Kuala Lumpur
Mobile: +6019 278 8629
Telephone: +603 6203 1888
Facsimile: +603 6201 8880
