Project

DialogNauka carried out an audit of compliance with PCI DSS requirements at the request of Belgazprombank

Customers: Belgazprombank

Minsk; Financial services, investments and auditing

Contractors: DialogNauka
Product: External IT and security audit projects (including PCI DSS and SUIB)

Project date: 2015/01

DialogNauka, a system integrator in the information security field, successfully completed a project for JSC Belgazprombank to ensure compliance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) of the international payment systems, and issued the customer a PCI DSS 2.0 certificate of conformity.

JSC Belgazprombank is one of the systemically important banks for enterprises in the non-state sector of the economy of the Republic of Belarus; its major shareholders are JSC Gazprom and Gazprombank joint-stock company.

To meet the requirements of the international payment systems and to provide the necessary level of information security, JSC Belgazprombank decided to commission an audit of compliance with the requirements of the PCI DSS standard. After comparing audit service offers from different players in the information security market, the bank decided to work with DialogNauka Ltd. The decision was also based on an analysis of the expertise DialogNauka has accumulated and on the customer feedback the integrator has received over many years of successful work.

Having agreed on the details of the forthcoming project, both parties signed the agreement and approved a work plan that included the following stages:

  • ASV scanning;
  • internal penetration test;
  • external penetration test;
  • certification audit according to the PCI DSS standard and issue of the certificate of conformity;
  • consulting support of cybersecurity specialists.

ASV scanning made it possible to conduct a preliminary study of the bank's information security systems: a detailed analysis of the approved list of IP addresses for vulnerabilities and an assessment of the security level of the bank's information systems. After the ASV scanning was completed, the customer received a detailed report on its results, prepared according to the requirements of the ASV Program Guide Reference.

Next, according to the plan, external penetration testing began. It was carried out at the initial stage of the project by specialists of DialogNauka Ltd using various instrumental audit tools. It made it possible to determine the actual security level of the customer's information systems (IS), to anticipate possible active and passive actions by an attacker, and to develop general recommendations for countering the actions of a potential intruder.

The next step was internal penetration testing, which was carried out in strict accordance with the requirements of the PCI DSS standard. During this testing, the security of data transmitted at the network layer was checked, and the security of cryptographic storage and the correctness of incident handling were analyzed.

The final stage of the work was the certification audit of compliance with the PCI DSS security standard, during which the following were carried out:

  • verification of the presence of organizational and administrative documentation, and analysis of that documentation and the degree of its compliance with the requirements of the PCI DSS standard;
  • assessment of the conformity of technical, software, and hardware-software data protection systems with PCI DSS requirements;
  • verification of compliance in the planning and execution of the security analysis and the modeling of intruder actions, taking into account the results of activities already carried out.

After auditing the bank for compliance with the mandatory requirements of the payment card security standard, specialists of DialogNauka Ltd provided a report on compliance with the necessary requirements of the standard, and the company issued the customer a PCI DSS 2.0 certificate of conformity.

"Since DialogNauka began to render PCI DSS certification services, the company has successfully executed a number of projects in this direction for customers that included both banks and other organizations directly related to work with international payment systems. We continue to develop this direction actively. Among our customers – the largest banks of Russia, Belarus, Kazakhstan and Azerbaijan. We are sure that in 2015 our services as a QSA auditor will remain in demand, and that the goodwill and appreciation of the work of our specialists will give potential customers one more reason to turn to our company for information security support of their organization", – said Krupchik Alexander, the director of business development of closed joint stock company "DialogNauka", summing up the project results.