
Services: Governance, Risk & Compliance

Monitor, Manage and Protect

Good governance is the cornerstone of a solid security practice, providing a stable foundation for risk management and compliance. The key to success is knowing your risks and responding to threats in full compliance. Mainstream’s Governance, Risk and Compliance Consulting Services empower your team to build strong, scalable governance policies utilizing these key tools:

Incident Response Program Development

  • Assign responsibility for evaluating, responding and managing security incidents
  • Develop employee guidelines regarding escalation and reporting procedures
  • Assess preparation adequacy by testing incident response guidelines to ensure that the procedures correspond with business continuity strategies


Security Program Development

  • Safeguard the confidentiality, availability and integrity of sensitive data
  • Take a proactive approach to security strategy and measurement of risk
  • Evaluate your security program against ISO 27002 and the standards pertinent to your industry, such as PCI DSS, HIPAA, PHI, Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), etc.
  • Discover weaknesses and prescribe solutions
  • Improve overall security strategy within an efficient and formal audit format that effectively mitigates risk


Data Discovery and Mapping

  • Protect confidentiality by developing a detailed inventory of the file and database instances in which the confidential data exists and to whom it is available
  • Locate sensitive data within corporate environments with Mainstream’s PII Finder services which combine customized data scanning software with the experience of seasoned data discovery engineers
  • Strengthen your security practice with detailed knowledge of the databases, file systems and application environments most widely used across your enterprise


Risk Audit

Auditing is an essential first step in adequately managing your IT risk. Mainstream’s top-tier auditing process applies proven frameworks, such as COBIT, ITIL, ISO 27001, NIST 800 to help you:

  • Identify and define risks
  • Establish controls to mitigate risks
  • Apply frameworks for demonstrating compliance


ISO Program Development

ISO/IEC 27001:2005 formalizes explicit guidelines for managing IT Security controls. This program development sets a standard for your organization with specialized requirements for addressing needs holistically.

Implementing ISO/IEC 27001 allows your enterprise to scale the application of controls to key business processes. Compliance with, or adoption of, the standard can be audited and compared against the multi-domain list of controls within the standard.

According to the ISO 17799:2005 (ISO 27002) standard, controls considered to be common practice for information security include:

  • information security policy document
  • allocation of information security responsibilities
  • information security awareness, education and training

To build an effective information security management system (ISMS), organizations must create, publish and maintain an information security policy for their IT security program.


Mainstream helps companies manage compliance efforts more productively and efficiently, providing:

  • Vulnerability assessments and scanning
  • Security program management
  • PCI, SOX, HIPAA and state-based compliance consulting
  • Evaluation and integration of partner programs into your compliance practice

A thorough security risk assessment is crucial to protecting your organization, as well as helping you manage costs, preserve flexibility, and maintain the data availability your business needs to compete successfully.

PCI Pre-Assessment

If your organization is preparing for its first PCI DSS audit or its annual renewal, the Mainstream PCI Pre-Assessment can ensure success. Mainstream provides an objective, third-party review of your readiness and controls prior to engaging in a PCI DSS audit. This assessment includes remediation recommendations for meeting PCI DSS compliance. Our deliverables cover:

  • Gap analysis
  • Remediation plan
  • Ongoing support through the actual audit

The scope of our PCI Pre-Assessment Services features a thorough review of all six control areas and 12 requirements as defined in PCI DSS Version 2.0. Mainstream will prepare a detailed gap analysis and remediation plan to support compliance with the actual audit. Mainstream conducts interviews, reviews pertinent information, utilizes proprietary applications, and provides detailed questionnaires, checklists and scoring to clearly identify areas of concern.

The PCI Pre-Assessment covers all six control areas:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy


PCI Prep

If your business depends on developing a plan to achieve compliance, depend on Mainstream. Our PCI Prep service is ideal for organizations that want to perform and implement compensating controls prior to their formal PCI DSS audit by a QSA-certified auditor. This preparation service is especially beneficial to senior executives as it can be used to inform them about the PCI DSS process—including how it impacts current business strategy. It also details the potential costs of compliance vs. non-compliance.

How it Works: Mainstream provides a quick, cost-effective snapshot of your organization’s compliance with PCI DSS Version 2.0, including gap analysis, high-level remediation plan development, vendor assessment and selection, and ongoing support through the actual Report on Compliance.

The scope of our PCI DSS Assessment Planning includes a thorough review of your company’s current business processes and data flows involving credit card data, vendors, suppliers or customers. After mapping the business processes and data flows, our team will overlay the six control domains and 12 requirements of the PCI DSS, review any compensating controls, and interview key stakeholders.

The service covers all six domains of PCI DSS Version 2.0:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy


PCI Audit Defense

Undergoing a PCI audit can be an overwhelming process for merchants handling cardholder data. The PCI requirements are subject to interpretation, and many businesses do not have the resources to prepare for a formal audit.

Mainstream PCI audit defense services support your business by:

  • Defending your PCI compliance program in a manner consistent with your business objectives
  • Preparing for and engaging in an “audit defense” strategy once the proper controls are in place
  • Serving as your strategic advisor when the PCI auditor meets with your team
  • Advising on compensating controls with the PCI auditor