Profitability starts with trust

Choosing the right partner to help your business achieve PCI-DSS compliance is an important executive decision. BraveCraft would like to partner with you in simplifying the entire compliance process, turning it into a powerful competitive advantage that works for you.

The BraveCraft Experience

Your business comes first

In partnering with BraveCraft, you'll notice right away that we regard the security of your data as if it was our own! More than just fulfilling the role of an independent auditor or Qualified Security Assessor (QSA), we seek to extend our value as strategic partner in protecting cardholder data, wherever it is created, processed, disseminated or stored. When things get complicated, we're the one service provider that will stick around to help you find solutions that enable the business without compromising on security.

We do the heavy lifting

At BraveCraft, we believe that security is most effective when designed to function as a natural extension to your business. We bring to the table, decades of field-tested experience in making security work for you in precisely this fashion. Now, your team members can stay focused on critical business activities, leaving the heavy lifting associated with PCI-DSS compliance to BraveCraft. With BraveCraft on board, your customers gain additional confidence to transact in a connected world, whilst executives benefit from the assurance that business operations remain adequately protected at all times.

How BraveCraft adds value to your Business

How we add value to your Business

Our mission is to help you achieve and maintain PCI-DSS compliance from initiation to attestation

Assess

BraveCraft's undertaking is to help our customers articulate their Enterprise Risk Exposure using a proven methodology. Gone are the days when an "annual risk assessment" was considered adequate in shaping your security program. At BraveCraft we understand the need for adaptive, well-timed, executive decisions to combat rising incidents of cyber-crime. Our Risk Assessment methodology and practices are tightly integrated with global intelligence sources; internal and external threat conditions as well as intuitive metrics and measures to make sure your resources, processes and technologies are optimally applied to protect the business.

BraveCraft's portfolio of diagnostic security services, to evaluate prevailing threat conditions, risk, security competency and compliance
Read More
Advise

Information Security is a complex and often costly responsibility involving many role-players. Leading practice frameworks offer meaningful guidance but the value offered by BraveCraft also includes battle-tested experience in knowing how to adapt those core principles and controls into a well-defined Information Security Target Operating Model. Our services include consultative input on security services and functions, teams, policies, processes, architecture, technology, governance, communications and performance measurement to name but a few. Ultimately, our goal is to help you demonstrate the value-add of effective information security to the sustainability and bottom line of the business.

BraveCraft's solution design services including all aspects of security architecture in resources, policies, processes, technologies and operating models
Read More
Enable

Many business leaders have expressed their frustration at what they perceive as the "fear, uncertainty and doubt" used by security professionals to justify their not-allowed-here approach to business. At BraveCraft we believe our mandate is to find innovative ways in which to enable the business whilst reducing risk. This is difficult but possible. BraveCraft's Enablement Services will help you get the most out of your technology and scare resources. We can help you streamline security processes for maximum efficiency and to such an extent that security is recognised as a key success factor to the sustainability of your business.

Implementation and optimisation services to integrate security competencies into a single enterprise security management system
Read More
Operate

Every one of BraveCraft's Operational or Managed Services offerings is intended to promote a real-time, situational awareness of your security posture. Through our monitoring and alerting services, threat intelligence feeds, vulnerability and compliance management as well as incident response capabilities, we help our customers deal with imminent and constantly evolving threats by tracking those security metrics that matter most. Because our success is determined by the degree to which your controls measures meet pre-defined business requirements, BraveCraft's mission is to help you develop an agile security competency without compromising on those fundamental disciples without which no security program can succeed.

BraveCraft Managed Security Services designed as turnkey solutions and delivered in accordance with formal Service Level Agreements
Read More
Govern

Oversight and management of the Information Security Function is an on-going responsibility. As the guardians of business critical information this team's performance is critical. BraveCraft can add significant value to your work effort in helping craft a formal security mandate together with assigned roles and responsibilities. In addition to helping you manage aspects of budgeting and competency development, BraveCraft can also assist in promoting security awareness, manage security projects and facilitate security audits. In close collaboration with your team, our goal is to help answer the question: "How secure are we?"

BraveCraft Security Oversight and coordination services, aimed at clear accountability, responsibility, reporting and improvement
Read More

Our Service Offerings

What we can do to help you achieve and maintain PCI-DSS Compliance

Compliance is not simply about preventing a data breach. Winning organisations know that when done intelligently, compliance can make you better at what you already do and allow your business to offer products and services that sets you apart from the competition. Well-governed organisations are simply more sustainable in the long run. With our PCI-DSS Security Services you can achieve compliance quicker and maintain it more affordably.

BraveCraft PCI-DSS Readiness Assessments

Organisations just starting out on their journey to PCI compliance may feel overwhelmed by its implications on a technology and operational level. The place to start is with a BraveCraft PCI-DSS Readiness Assessment. It is different from a formal PCI review in that the goal is "fact finding, remediation and preparation" rather than validation of compliance. BraveCraft's PCI-DSS Readiness Assessment will help you accurately define the scope of your Cardholder Data Environment (CDE) and provide a clear action plan for the changes that will be required before attempting formal certification.

BraveCraft PCI-DSS Managed Services

Attention to detail and sustained focus is the key success factor to every PCI-DSS Program. It is easy to be distracted by everyday operational challenges, only to end up in "crises management mode" at the time of recertification. BraveCraft's PCI-DSS Managed Services will help you stay on top of every requirement throughout the year, thus reducing operational disruption at the time of formal review. Although each customer remains accountable for their own compliance, BraveCraft's contribution as facilitators and advisors will help you get it right first time, allowing your team to stay focused on those business activities that matter most.

BraveCraft PCI-DSS Compliance Review

Every year, organisations that process, store or transmit credit card information, are required to re-validate their compliance with a common set of security requirements maintained by PCI Security Standards Council and mandated by the major card brands. As Qualified Security Assessors (QSA's) BraveCraft can help you achieve annual certification with fewer business disruptions, reduced effort and lower costs. Our QSA's have completed merchant and service provider reviews throughout the CEMEA region over several years helping customers safeguard their reputation, revenue, customers and operations against targeted attacks by cyber criminals.

BraveCraft PCI-DSS Risk Assessment

Requirement 12.2 of PCI-DSS stipulates that organisations must have a documented, annual risk-assessment process in place. Its purpose is to identify assets, threats and vulnerabilities as the basis for introducing risk-reducing controls in a focused, prioritised manner. BraveCraft has extensive international experience across just about every industry sector in developing an enterprise-wide Risk Assessment competency. Our goal is not only to design and initiate your organisation's Risk Assessment process, but also to integrate it seamlessly with your PCI-DSS Compliance Program. More than just an annual "tick box" our Risk Assessment methodology will help you stay on top of an ever-evolving external and internal threat landscape.

Penetration Testing

Ultimately, the only way to measure control effectiveness is through testing. BraveCraft's Penetration Testing Services offer reasonable assurance that security measures are fully deployed and working as intended. In keeping with PCI-DSS requirements, BraveCraft follows generally accepted leading practices in conducting our tests, executed by analysts with an impressive track record as practitioners and trainers the art of "pen-testing". What sets us apart in this regard is not only the potency of "how we conduct" the penetration testing but also the professional guidance provided to customers when interpreting and remediating results.

Vulnerability Management

The vast majority of data breaches are still perpetrated by attackers exploiting known weaknesses in systems. BraveCraft's Vulnerability Management Service makes use of extensive global intelligence and leading technologies to help discover vulnerabilities in large and small computing environments. But that is only the start. Demand for our services are driven by the powerful management system and supporting processes deployed by BraveCraft to track, escalate and report on remediation. Customers benefit from knowing that all vulnerabilities are managed consistently in accordance with standardised criteria for priority and severity.

BraveCraft PCI-DSS Policy and Process Development

A defining characteristic of the PCI-DSS is that it is not exclusively focused on technology and automated controls. Instead, it strives to include the commitment of responsible resources acting in accordance with documentation instructions. Why not let BraveCraft reduce the work-effort and simplify the complexity of this responsibility on your behalf. Based on a wealth of global experience, BraveCraft is ideally positioned to write, maintain and publish all PCI-DSS policies, procedures, processes and guidelines in a manner that ensures that all relevant stakeholders are fully aware of their assigned roles and responsibilities in keeping the business PCI-DSS compliant.

BraveCraft Security Awareness Program Management

It is generally understood that absolute security in any networked computer system is highly unlikely. External and internal attacks continue to increase in scope and sophistication and advanced persistent attacks often find their way around even the most impressive of security architectures. BraveCraft's Security Awareness Service will tip the advantage back in your favour by promoting vigilance, skill and security competency amongst your staff members, service providers and suppliers on a continuous basis. Instead of generalised messaging, BraveCraft's awareness interventions are tailor made to distinct audiences, resulting in a measurable improvement of your overall security posture.

BraveCraft Security Architecture Development

BraveCraft does not promote any specific vendor or particular security technology. However, we do have a wealth of insight, having seen many security technologies at work in complex computing environments. BraveCraft is therefore ideally positioned to assist organisations in developing a documented security architecture to meet the stringent requirements of PCI-DSS. What's more, we ensure that it's maintained in a way that matches the overall maturity of that customer's current security program. BraveCraft also performs detailed technology health-checks on behalf of those customers wanting to ensure that their security technologies are reliably deployed, fully optimised and consistently monitored.

BraveCraft Monitoring and Alerting Services

An underlying principle of PCI-DSS compliance is that security control measures, especially those that are automated, will only be effective if they are monitored in a way that ensures a prompt and appropriate response to any deviation of policy. BraveCraft is committed to this principle. We continuously monitor complex customer environments in near real-time, especially in areas where effective incident response are measured in minutes rather than hours or days. When combined with dedicated solutions for comprehensive log-management and analysis, BraveCraft's will help you reduce your mean-time-to respond significantly.

BraveCraft Forensic Investigations

The constantly evolving threat from cyber criminals hardly needs any introduction and it is expected to escalate even further as the world becomes more connected and mobile. Because of it's inherent multi-disciplinary nature involving legal, networking, security and systems and investigative expertise, very few organisations can justify the investment to maintain this internally. BraveCraft has partnered with Africa's leading forensic services company Cyanre to combine our respective skill-sets in a way that ensures separation of duties whilst providing singleness of focus when responding to the impact of a security breach.

Contact us for more information