Cyber Security Services

Cyber Security Services for E-Commerce Businesses

Assess, test, manage risk, and maintain compliance of your cyber security. Streamline the process in one place, with STRATICA.

Get a Quote

How do you uphold your customers trust and keep their data safe?
How do you maintain the security of your data to protect your business?
Did you know that you are required to conduct regular vulnerability scans and uphold a cyber security risk management framework?

STRATICA provide the tools and software to streamline all of your cyber security and PCI compliance activities, in one place.

Take back the ownership of your time and priorities. We’re here to remove the stress of your cyber security.
At STRATICA, we use our exclusive, Australian-hosted VigiOne portal (StraticaOne) to streamline the PCI compliance review process and jointly sign off with you.
Stratica has relationships with reputable and highly experienced Approved Scanning Vendors (ASV’s) and can manage the scans and penetration testing for you from start to finish.

Do you have a team that require cyber security knowledge and training? Our Cyber Security Consultants and Cyber Forensic Investigators provide staff awareness training, with valuable take-away resources to inform your team and protect your cyber security.

How can I perform a cyber security risk assessment?

PCI DSS recommends the following for a cyber risk assessment –

Get Advice. Ask Stratica about partnerships with PCI Approved Scanning Vendors (ASV) – Stratica can arrange this for you.
Also, the PCI Council website has a list of approved ASV’s.
Select a Scanner.
Run your scans and address vulnerabilities. Ask your PCI ASV for help correcting issues found by scanning.

What is cyber risk management?

PCI DSS recommends the following activities for cyber risk management –

Create a policy governing security controls according to industry standard best practices (ISO27001)
Regularly scan systems for vulnerabilities
Create a remediation schedule based on risk and priority
Pre-test and deploy patches
Rescan to verify compliance
Update security software with the most current signatures and technology
Use only software or systems that were securely developed by industry standard best practices

Do I need a cyber security risk management framework?

Yes. There is a requirement to employ a cyber security risk management framework. This is specified in the new standard R 12.2 that comes into effect with Version 4 of the PCI-DSS Standards.

Do I need to conduct regular Approved Scanning Vendors (ASV) scans?

Under Requirement 11.2, PCI Data Security Standards (DSS) requires you to complete a quarterly ASV scan for your PCI compliance.  A list of Approved Scanning Vendors is available here. STRATICA can recommend and help you choose your ASV partner.

What are ASV authorised scans and unofficial scans?

As stated in the PCI DSS, “an ASV authorised scan is performed to identify and “protect all systems against malware, and regularly update anti-virus software or programs. ASVs are approved by the [PCI] Council to validate adherence to the PCI DSS scan requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers.” An unofficial scan is conducted with a scanning tool (usually freeware) but cannot be attested or used for official compliance.

What is the difference between the types of vulnerability assessments (external and internal)?

An internal scan is within your business network, whereas, as external scan is outside of your network. “To demonstrate compliance, internal scans must not contain high-risk vulnerabilities in any component in the cardholder data environment. For external scans, none of those components may contain any vulnerability that has been assigned a Common Vulnerability Scoring System (CVSS) base score equal to or higher than 4.0.”

What is penetration testing, and how often do I need to test?

Penetration testing is a simulated cyber attack, used to detect system vulnerabilities. The PCI Data Security Standards (DSS) suggest that penetration testing (external and internal) should be conducted “at least annually and after any significant upgrade or modification.”

How can payment gateway cyber security services assist my business?

If you accept card payments via a payment gateway you are required to attain PCI compliance, as per the PCI DSS. At STRATICA, PCI compliance is at the heart of our cyber security services.

STRATICA provide combined PCI consulting and cyber security services. We are a “one-stop-shop” and assist with the complexities of these processes, without the need for you to employ multiple firms.

Other compliance standards we can assist with:

ISO 27000 series
SOC2
IRAP
Vulnerability Scans

What is the benefit of using an auditor for both ISO 27000 and PCI DSS compliance?

It would be valuable to have both ISO 27000 and PCI DSS assessed at the same time particularly if you are a start-up.

Having both areas assessed means you will get both cost-savings and time-savings as well as peace of mind that your business is compliant.

Does Stratica do S0C2 assessments?

We can do SOC2 assessments (Systems and Organisations Controls version 2). SOC2 is a compliance standard for service organisations, developed by the American Institute of CPAs, to manage customer data.

offer free tool/resource