"Do the right thing" = Philotimo
PCI compliance best practices (from page 13 of the PCI DSS 3.0 document):
- Monitoring of security controls—such as firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), file-integrity monitoring (FIM), anti-virus, access controls, etc.—to ensure they are operating effectively and as intended.
- Ensure all failures in security controls, such as firewalls and IDS/IPS, file integrity monitoring, anti-virus.
- Review changes to environment
- Determine impact to PCI DSS scope
- Identify PCI DSS requirements applicable to item affected by the change
- Update PCI DSS scope and implement security controls as appropriate
- Changes to organizational structure (adding offices, mergers, etc.)
- Periodic reviews and communications
- Review hardware and software at least annually to confirm that it continues to be supported by the vendor.
Fixvirus.com Alpha scan helps you review your systems.
We need a permission document.
Then we scan your systems with Nmap.
If certain ports are open, I may perform a vulnerability scan using tools.
I write a report if problems exist.
Your IT department fixes the problem.
I run another scan to see if the problem was fixed.
I will write another report and discuss it with you.
$500 per IP address for external IPs; internal IPs require an onsite visit, for which an onsite fee is assessed.