PCI Gap Analysis - Insight


Upload: trinhphuc

Post on 28-May-2018



Networking Solutions

1.800.INSIGHT · INSIGHT.COM

PCI Gap Analysis Overview

Managing risk within your environment can be challenging, requiring risk, business and IT managers to quantify and balance the variables that contribute to risk — such as Governance, Business Operations, Assets, Threats and Vulnerabilities. As part of our Security Assessment and Compliance Management practice, Insight Networking provides a set of services to guide our clients through the complex maze that is the Payment Card Industry (PCI) Data Security Standard (DSS). The first step in pursuing compliance is to evaluate the current state against what is required by the DSS. The Insight PCI Gap Analysis makes available our staff of PCI Qualified Security Assessors (QSAs) to provide an officially supported, auditor’s opinion of the current state of your compliance and a detailed list of recommended projects necessary to close any gaps.

PCI Gap Analysis Benefits

The DSS is a complicated fusion of best practices, technologies, policies and operational procedures. While all merchants and service providers are required to comply with all 220+ items in the standard, there is sufficient flexibility to allow each covered entity to comply in the manner that best suits the organization. However, this flexibility also creates an opportunity to misinterpret the requirements, resulting in a false state of compliance. By engaging Insight as your PCI compliance partner, you will gain access to Insight’s expertise as a PCI Qualified Security Assessor (QSA) in validating your current compliance state. Beyond this initial evaluation, we also provide detailed recommendations in the form of individual projects that are necessary in order to come into compliance. Our status as a QSA ensures that our analysis is accurate and complete. Our deep expertise in designing and implementing technology ensures that our recommendations are based on realistic expectations for security and ongoing management while minimizing the impact on “the business”.

Our Proven Methodology

Our approach starts with understanding your business environment and your objectives. The goal of this understanding is to become an extension of your team and provide recommendations on how to comply with the DSS while minimizing the intrusion on established business operations. Our QSA auditor will spend sufficient time with your IT staff and business leadership to learn the ways in which your company interacts with cardholder data. Furthermore, during this time, they will measure your current compliance with each of the 228 requirements in the DSS. With “current state” information at hand, the QSA will analyze all of the gaps in your compliance program and make targeted, detailed and realistic recommendations to address each gap. The outcome of this analysis is a final report that embodies the remediation program necessary to come into compliance. Our recommendations are driven by proven risk management strategies that will implement a level of security appropriate to your company and through which compliance will be assured. The report includes sufficient information to justify the expense to the business, sample Gantt charts that show the relationship between the recommendations and an approximate time frame necessary to complete the remediation program.

Success Stories

Insight has successfully delivered our Insight PCI Gap Analysis service to a wide range of industries including:

• Retail/E-Commerce
• Medical
• Financial Services
• Manufacturing
• State & Local Government

About Insight

Insight Networking is a strategic business unit of Insight, a technology solutions provider serving global and local clients in 170 countries. Today, thousands of clients, including more than 80 percent of the Global Fortune 500, rely on Insight to acquire, implement and manage technology solutions to empower their business. Insight provides software and licensing services globally. In addition, we offer a comprehensive portfolio which also includes networking, hardware and value added services for our clients in North America and the U.K. We are aggressively expanding our global capabilities by introducing new offerings, including hardware and services, to meet emerging needs for our clients worldwide. Insight is ranked No. 484 on the 2009 Fortune 500.

Insight Compliance and Risk Management Offerings

• Perimeter Security Assessments
• Internet Security Assessment
• Wireless Security Assessment
• Remote Access Security Assessment
• Firewall Policy & Configuration Analysis
• Internal Security Assessments
• Internal Risk & Vulnerability Assessment
• Data Management Practices Assessment (DBAs)
• Data Management Practices Assessment (End users)
• Web Application Security Assessment
• Social Engineering Assessment
• HIPAA Compliance Consulting
• NERC CIP Compliance Consulting
• GLBA/FFIEC Compliance Consulting
• Network and Host Security Technology Design and Implementation
• 24x7 Managed Network and Security Services

Insight and the Insight logo are registered trademarks of Insight Direct USA, Inc. All other trademarks, registered trademarks, photos, logos and illustrations are the property of their respective owners. ©2009, Insight Direct USA, Inc. All rights reserved. Updated 5.09