Case Study – CCNA

Challenge

Converged Communication Network Applications Pty Ltd (CCNA) delivers leading technology solutions and services within the Enterprise, Government, and Carrier marketplace.

As a technology services provider, CCNA treats security and compliance as matters of the utmost importance. In instances where CCNA is liable for handling its customers' credit card data, it is required to adhere to the strict guidelines of the PCI-DSS standard. To attain and maintain PCI-DSS certification, CCNA approached CyberDots.

Key Objectives

The 5 key objectives of the engagement were:

  • Provide review and gap assessment of the current state of PCI-DSS.
  • Assistance with security policies, procedures and standards as per PCI-DSS guidelines.
  • Internal network vulnerability assessment and penetration testing as per PCI-DSS guidelines.
  • QSA service and issuing of Attestation of Compliance (AOC).
  • Aggressive timelines to achieve the PCI-DSS AOC attestation.

“Thank you for doing a great job and I want you to know that your professionalism and product knowledge helped us reach our target PCI-DSS Certification date and goal. I look forward to working with you next year.”

Tony Westlake, National Services Manager – CCNA


Solution

To address the above five key areas of concern, the team at CyberDots performed the work in the following stages.

The key to achieving PCI-DSS compliance in a cost-effective manner is to establish the right scope for the credit card handling infrastructure of an organisation. CyberDots helped with:

  • Review and assessment of the current architecture, processes and policies associated with the PCI-DSS environment.
  • Advice on mitigating the identified gaps.
  • Completing two SAQ D questionnaires on behalf of CCNA and coordinating with the QSA.

With years of expertise in reviewing, establishing and maintaining PCI-DSS and ISO 27001 compliance policies, the CyberDots team was able to expedite the work and help update CCNA’s security policies, procedures and standards in line with the requirements of the PCI-DSS guidelines.

The CyberDots penetration testing and vulnerability assessment team is highly experienced and industry certified. Our team worked onsite and remotely to conduct a detailed penetration test and subsequently provide solutions to mitigate the findings. Finally, CyberDots worked with the CCNA team to retest and verify the status of the mitigations, generating a clean report and fulfilling the requirements of PCI-DSS.

CyberDots provided QSA services, resulting in PCI-DSS attestation, and issued the AOC (Attestation of Compliance) certificate.

CCNA had very aggressive timelines to achieve the certification. The CyberDots team worked very closely with CCNA, planning out all phases and activities in a timely manner and often working overtime and weekends, which resulted in achieving the certification in a record time of 1 month.


Our years of experience at CyberDots in dealing with several compliance frameworks and standards, such as NIST, CIS benchmarking, ISO 27001, PCI-DSS, ASD (Australian Signals Directorate) and Australian Government Information Security Manual (ISM) guidelines, make us an apt choice to support our customers with these initiatives. To manage complex regulatory environments and align IT delivery goals with business strategy, we at CyberDots create and tailor our approach to achieve the best results for our customers.
