In partnering with BraveCraft, you'll notice right away that we regard the security of your data as if it were our own! More than just fulfilling the role of an independent auditor or Qualified Security Assessor (QSA), we seek to extend our value as a strategic partner in protecting cardholder data, wherever it is created, processed, disseminated or stored. When things get complicated, we're the one service provider that will stick around to help you find solutions that enable the business without compromising on security.
At BraveCraft, we believe that security is most effective when designed to function as a natural extension to your business. We bring to the table decades of field-tested experience in making security work for you in precisely this fashion. Now, your team members can stay focused on critical business activities, leaving the heavy lifting associated with PCI-DSS compliance to BraveCraft. With BraveCraft on board, your customers gain additional confidence to transact in a connected world, whilst executives benefit from the assurance that business operations remain adequately protected at all times.
Our mission is to help you achieve and maintain PCI-DSS compliance from initiation to attestation
BraveCraft's portfolio of diagnostic security services, to evaluate prevailing threat conditions, risk, security competency and compliance
BraveCraft's solution design services including all aspects of security architecture in resources, policies, processes, technologies and operating models
Implementation and optimisation services to integrate security competencies into a single enterprise security management system
BraveCraft Managed Security Services designed as turnkey solutions and delivered in accordance with formal Service Level Agreements
BraveCraft Security Oversight and coordination services, aimed at clear accountability, responsibility, reporting and improvement
What we can do to help you achieve and maintain PCI-DSS Compliance
Compliance is not simply about preventing a data breach. Winning organisations know that when done intelligently, compliance can make you better at what you already do and allow your business to offer products and services that set you apart from the competition. Well-governed organisations are simply more sustainable in the long run. With our PCI-DSS Security Services you can achieve compliance quicker and maintain it more affordably.
Organisations just starting out on their journey to PCI compliance may feel overwhelmed by its implications on a technology and operational level. The place to start is with a BraveCraft PCI-DSS Readiness Assessment. It is different from a formal PCI review in that the goal is "fact finding, remediation and preparation" rather than validation of compliance. BraveCraft's PCI-DSS Readiness Assessment will help you accurately define the scope of your Cardholder Data Environment (CDE) and provide a clear action plan for the changes that will be required before attempting formal certification.
Attention to detail and sustained focus are the key success factors in every PCI-DSS Program. It is easy to be distracted by everyday operational challenges, only to end up in "crisis management mode" at the time of recertification. BraveCraft's PCI-DSS Managed Services will help you stay on top of every requirement throughout the year, thus reducing operational disruption at the time of formal review. Although each customer remains accountable for their own compliance, BraveCraft's contribution as facilitators and advisors will help you get it right first time, allowing your team to stay focused on those business activities that matter most.
Every year, organisations that process, store or transmit credit card information are required to re-validate their compliance with a common set of security requirements maintained by the PCI Security Standards Council and mandated by the major card brands. As Qualified Security Assessors (QSAs), BraveCraft can help you achieve annual certification with fewer business disruptions, reduced effort and lower costs. Our QSAs have completed merchant and service provider reviews throughout the CEMEA region over several years, helping customers safeguard their reputation, revenue, customers and operations against targeted attacks by cyber criminals.
Requirement 12.2 of PCI-DSS stipulates that organisations must have a documented, annual risk-assessment process in place. Its purpose is to identify assets, threats and vulnerabilities as the basis for introducing risk-reducing controls in a focused, prioritised manner. BraveCraft has extensive international experience across just about every industry sector in developing an enterprise-wide Risk Assessment competency. Our goal is not only to design and initiate your organisation's Risk Assessment process, but also to integrate it seamlessly with your PCI-DSS Compliance Program. More than just an annual "tick box" our Risk Assessment methodology will help you stay on top of an ever-evolving external and internal threat landscape.
Ultimately, the only way to measure control effectiveness is through testing. BraveCraft's Penetration Testing Services offer reasonable assurance that security measures are fully deployed and working as intended. In keeping with PCI-DSS requirements, BraveCraft follows generally accepted leading practices in conducting our tests, executed by analysts with an impressive track record as practitioners and trainers in the art of "pen-testing". What sets us apart in this regard is not only the potency of "how we conduct" the penetration testing but also the professional guidance provided to customers when interpreting and remediating results.
The vast majority of data breaches are still perpetrated by attackers exploiting known weaknesses in systems. BraveCraft's Vulnerability Management Service makes use of extensive global intelligence and leading technologies to help discover vulnerabilities in large and small computing environments. But that is only the start. Demand for our services is driven by the powerful management system and supporting processes deployed by BraveCraft to track, escalate and report on remediation. Customers benefit from knowing that all vulnerabilities are managed consistently in accordance with standardised criteria for priority and severity.
A defining characteristic of the PCI-DSS is that it is not exclusively focused on technology and automated controls. Instead, it strives to include the commitment of responsible resources acting in accordance with documented instructions. Why not let BraveCraft reduce the work-effort and simplify the complexity of this responsibility on your behalf? Based on a wealth of global experience, BraveCraft is ideally positioned to write, maintain and publish all PCI-DSS policies, procedures, processes and guidelines in a manner that ensures that all relevant stakeholders are fully aware of their assigned roles and responsibilities in keeping the business PCI-DSS compliant.
It is generally understood that absolute security in any networked computer system is highly unlikely. External and internal attacks continue to increase in scope and sophistication, and advanced persistent attacks often find their way around even the most impressive of security architectures. BraveCraft's Security Awareness Service will tip the advantage back in your favour by promoting vigilance, skill and security competency amongst your staff members, service providers and suppliers on a continuous basis. Instead of generalised messaging, BraveCraft's awareness interventions are tailor-made for distinct audiences, resulting in a measurable improvement of your overall security posture.
BraveCraft does not promote any specific vendor or particular security technology. However, we do have a wealth of insight, having seen many security technologies at work in complex computing environments. BraveCraft is therefore ideally positioned to assist organisations in developing a documented security architecture to meet the stringent requirements of PCI-DSS. What's more, we ensure that it's maintained in a way that matches the overall maturity of that customer's current security program. BraveCraft also performs detailed technology health-checks on behalf of those customers wanting to ensure that their security technologies are reliably deployed, fully optimised and consistently monitored.
An underlying principle of PCI-DSS compliance is that security control measures, especially those that are automated, will only be effective if they are monitored in a way that ensures a prompt and appropriate response to any deviation from policy. BraveCraft is committed to this principle. We continuously monitor complex customer environments in near real-time, especially in areas where effective incident response is measured in minutes rather than hours or days. When combined with dedicated solutions for comprehensive log-management and analysis, BraveCraft will help you reduce your mean time to respond significantly.
The constantly evolving threat from cyber criminals hardly needs any introduction and it is expected to escalate even further as the world becomes more connected and mobile. Because of its inherent multi-disciplinary nature involving legal, networking, security, systems and investigative expertise, very few organisations can justify the investment to maintain this internally. BraveCraft has partnered with Africa's leading forensic services company Cyanre to combine our respective skill-sets in a way that ensures separation of duties whilst providing singleness of focus when responding to the impact of a security breach.