What is PCI compliance?

PCI DSS (Payment Card Industry Data Security Standard) sets forth requirements and security assessment procedures for organizations that accept credit cards as payment. Organizations that fail to keep up with the scans the standard requires may receive notification that they are required to submit PCI compliance validation, which includes copies of these scans. Failure to do so can result in fines and possible termination of your ability to accept credit card payments. Pier64 provides all the required scans and documentation to ensure you are in compliance. Even if your organization does not handle protected health information or accept credit card payments, the security of your infrastructure and data must be paramount. Our Risk Assessment Service is designed to meet the needs of any organization. We believe that each of our clients should be more secure than even the top Fortune 100 companies.

PCI Requirement 11.2

“Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).”


What is HIPAA Compliance?

HIPAA (Health Insurance Portability and Accountability Act) sets strict requirements for organizations that create, receive, maintain, or transmit Protected Health Information (PHI). By partnering with Pier64, your organization guards against potential external threats by having the assessment conducted by an outside company with the expertise required to help you maintain security and compliance. Our Security Scanning Service identifies potential vulnerabilities and delivers this information to you in a straightforward report with steps and suggestions for improvement where needed.

Risk Analyses - § 164.308(a)(1)(ii)(A)

“Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”

Risk Management - § 164.308(a)(1)(ii)(B)

“Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a) [(the General Requirements of the Security Rule)].”

Why Cyber Security Matters

Investing in Cyber Security measures is a business decision. However, many businesses do not understand the security of their network infrastructure in terms of risks, cost, and repercussions. We are required to carry insurance for our homes and vehicles, yet Cyber Security is frequently treated as an afterthought in the hierarchy of budget spending.

So what are the risks to be considered? For one, businesses and organizations of all sizes are targets of malicious intrusions. The average cost of recovery from a ransomware attack is $84,000. Security is a layered process in which prevention strategies are coupled with up-to-date service protocols. Cyber attacks are hugely costly in terms of both monetary loss and damage to a company’s reputation, its most valuable asset.

Let’s take a look at some statistics to understand the growing pressure businesses face in Cyber Security defense. According to research conducted by the Ponemon Institute, 66% of small and midsize businesses (SMBs) in the US, UK and Europe have experienced a malicious cyber attack in the past 12 months. This figure goes up to 76% when considering companies in the US alone. What’s more, there appears to be a steady uptick in more sophisticated attacks that cause

The worldwide information security market is forecast to reach $170.4 billion in 2022. A study demonstrated that 4.1 billion breaches were reported in the first half of 2019, not counting unreported incidents.

  • 62% of businesses experienced phishing and social engineering attacks in 2018
  • 68% of business leaders feel their Cyber Security risks are increasing
  • Only 5% of companies’ folders are properly protected, on average
  • Data breaches exposed 4.1 billion records in the first half of 2019
  • 71% of breaches were financially motivated and 25% were motivated by espionage
  • Hackers attack every 39 seconds, on average 2,244 times a day
  • The average time to identify a breach in 2019 was 206 days
  • The average cost of a ransomware attack on businesses is $133,000
  • 69% of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software
  • Businesses spent $1.3 million on average to meet compliance requirements and are expected to put in an additional $1.8 million
  • By 2020, security services are expected to account for 50% of Cyber Security budgets
  • The average cost of a malware attack on a company is $2.6 million

These are just a few of the collected studies and statistics that highlight the exponential growth of cyber attacks and the cost they incur on businesses. Here at Pier64 we have devoted ourselves entirely to specialized security, which shows in our results: flawless audits, reputation, client retention, and detailed personal recommendations. Our team stays constantly up to date, devising the architecture, strategies, information, and intelligent systems that provide convenience and clarity. We stand by providing flawless security for a business landscape that is exposed to ever-changing vulnerabilities. Empowering your network with a system that visibly identifies your vulnerabilities is an investment companies at all levels should take seriously. As breaches and malware grow in number and scope, proper security implementation can become complicated. Hackers do not care about the size of your business; they target whichever company has the weakest security. Data privacy and security in today’s rapidly changing environment should usher in a wider adoption of IT security as a priority in common business culture. Having the right direction, consultation, and technology that keeps ahead of the attacks is what Pier64 is dedicated to providing. As you invest in us, we invest in the resiliency of your business.

Security Strategy

Innovative Solution

Pier64 always adheres to industry-standard methodologies such as CIA and SDLC when complying with security best practices and developing solutions for our clientele. This enables Pier64 to build highly functional and sustainable solutions. We adapt these methodologies to set the framework for developing unique standards documents and processes for our clients as well. It has been a very successful model that brings new levels of efficiency to businesses.

SDLC - Software Development Life Cycle

  • Requirements - We start by understanding the client’s vision and business goals.
  • Analyze - We then assess the infrastructure to determine whether existing assets can be leveraged better or are underutilized, and map out the environment to understand the relationships and workflow and to determine where there are points of failure or vulnerabilities.
  • Design - Collaborating with the client, we architect the solution making sure that all requirements are met.
  • Implement - Once the client approves the solution design, we extensively vet the solution in a staging environment before putting it into production.
  • Test - After the solution is in production, we continuously test and monitor it.
  • Refine - At this stage in the cycle, we make any adjustments, and review the deliverable to make sure we have met the ROI.

CIA - Confidentiality, Integrity and Availability

The CIA Triad model is the industry standard for information security. It was developed to measure and evaluate the security of information in three distinct areas: confidentiality, integrity, and availability.

  • Confidentiality - Who should have access to the data, and how sensitive that data is.
  • Integrity - How the data should be transmitted and stored to avoid unauthorized modification or destruction.
  • Availability - Accessibility of the data itself.

The challenge most businesses face is how to apply this model to create a balanced security plan. Pier64 possesses the expertise from decades of experience designing and implementing security policies using the CIA Triad model. We work with our clients to find the right mix between the three.

SoD - Separation Of Duties

Separation of duties has four primary classifications. The most common is individual separation, or the “four eyes principle”, which is typically the primary separation used when establishing role-based access control (RBAC). Pier64 implements RBAC by separating the individual performing the function from the individual auditing it. To illustrate separation of duties in a little more detail, see the following example.

  1. Identification of a requirement (or change request); e.g. a business person
  2. Authorization and approval; e.g. a manager
  3. Design and development; e.g. a developer
  4. Review, inspection and approval; e.g. an architect
  5. Implementation in production; e.g. a system administrator
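The following is an added example, not Pier64's code, showing how the separation described above can be enforced mechanically rather than by convention. It models the five-step workflow as per-step role assignments and checks two things: that no single identity performs both halves of a conflicting pair of steps (the four eyes principle), and that the person auditing a change is never one of the people who performed it. The role names, the conflicting step pairs, and the users and change requests are assumptions constructed for this example.

```python
"""Separation-of-duties (SoD) check for a change-request workflow.

Added example, not code from Pier64. It models the five-step workflow from
the page (request, approve, develop, review, implement) as per-step role
assignments and verifies the "four eyes" principle: no single identity
performs both halves of a conflicting step pair, and the person auditing
the change is never one of the people who performed it. The role names,
conflict pairs and users below are assumptions constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Workflow steps in the order the page lists them.
STEPS: Tuple[str, ...] = ("request", "approve", "develop", "review", "implement")

# Roles permitted to perform each step. Assumed RBAC mapping that follows the
# page's "e.g." examples (business user, manager, developer, architect,
# system administrator).
STEP_ROLES: Dict[str, Set[str]] = {
    "request": {"business", "manager"},
    "approve": {"manager"},
    "develop": {"developer"},
    "review": {"architect"},
    "implement": {"sysadmin"},
}

# Step pairs that one identity must never perform on the same change request.
# Assumed policy: requester != approver, developer != reviewer,
# developer != the person who pushes the change to production.
CONFLICTING_STEPS: Tuple[Tuple[str, str], ...] = (
    ("request", "approve"),
    ("develop", "review"),
    ("develop", "implement"),
)

AUDIT_ROLE = "auditor"


@dataclass
class ChangeRequest:
    cr_id: str
    assignees: Dict[str, str]  # step -> user id of the person who performed it
    auditor: str               # user id of the person who audits the change


def check_sod(cr: ChangeRequest, user_roles: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return a list of (violation_code, detail) tuples; an empty list means compliant."""
    violations: List[Tuple[str, str]] = []

    # 1. Every step is assigned, and the assignee holds a role permitted for it.
    for step in STEPS:
        user = cr.assignees.get(step)
        if user is None:
            violations.append(("unassigned", f"{cr.cr_id}: no one assigned to '{step}'"))
        elif not STEP_ROLES[step] & user_roles.get(user, set()):
            violations.append(("role", f"{cr.cr_id}: {user} has no role permitted for '{step}'"))

    # 2. Four eyes: no identity performs both halves of a conflicting pair.
    for first, second in CONFLICTING_STEPS:
        who = cr.assignees.get(first)
        if who is not None and who == cr.assignees.get(second):
            violations.append(("conflict", f"{cr.cr_id}: {who} performed both '{first}' and '{second}'"))

    # 3. The auditor is separated from every performer and holds the audit role.
    if cr.auditor in cr.assignees.values():
        violations.append(("auditor_is_performer", f"{cr.cr_id}: auditor {cr.auditor} also performed a step"))
    if AUDIT_ROLE not in user_roles.get(cr.auditor, set()):
        violations.append(("auditor_role", f"{cr.cr_id}: {cr.auditor} lacks the '{AUDIT_ROLE}' role"))

    return violations


# Constructed sample directory of users and their roles.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"business"},
    "bob": {"manager"},
    "carol": {"developer"},
    "dave": {"architect"},
    "erin": {"sysadmin"},
    "frank": {"auditor"},
}

# A change request that honours the separation the page describes.
CR_OK = ChangeRequest(
    cr_id="CR-100",
    assignees={"request": "alice", "approve": "bob", "develop": "carol", "review": "dave", "implement": "erin"},
    auditor="frank",
)

# A change request where one manager both requested and approved, the developer
# reviewed her own work, and that same manager audited the result.
CR_BAD = ChangeRequest(
    cr_id="CR-101",
    assignees={"request": "bob", "approve": "bob", "develop": "carol", "review": "carol", "implement": "erin"},
    auditor="bob",
)


def violation_codes(cr: ChangeRequest) -> List[str]:
    """Convenience wrapper returning only the violation codes for a request."""
    return [code for code, _ in check_sod(cr, USER_ROLES)]


if __name__ == "__main__":
    for cr in (CR_OK, CR_BAD):
        for code, detail in check_sod(cr, USER_ROLES):
            print(f"[{code}] {detail}")
```

Running the script reports nothing for CR-100 and five findings for CR-101: the developer holds no role that permits the review step, the manager both requested and approved, the developer both developed and reviewed, the auditor also performed steps, and the auditor lacks the audit role. Keeping the conflict pairs as data rather than scattered conditionals makes the policy reviewable in one place, which is what an auditor will ask to see.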