Company

Technical Security Consulting

Managing Risk

Research & Development

Forensics

Security Management

Media Centre

PCI DSS

• Home
• Overview
• Press Releases
• Index
• IRM is now a PABP
• IRM Comments on the Computer Weekly PCI Article of 12 June 2007
• IRM Has Become a QFI
• IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
• IRM is awarded Qualified Forensics Investigator (QFI) status by MasterCard
• IRM In The News

IRM is awarded Qualified Forensics Investigator (QFI) status by MasterCard

London - 9 April, 2008

IRM is pleased to announce that the company has now been named a Qualified Forensics Investigator (QFI) by MasterCard. This puts IRM in a unique position as an approved QFI by both MasterCard and VISA.

A QFI is reponsible for conducting forensic investigations after there has been a security breach involving payment card data. A QFI looks into all aspects of the breach including:

- Determining how the perpetrators gained access to the data
- Determining how many accounts were breached and exactly what information was viewed/accessed
- Discovering what else besides the actual systems was involved in the breach (i.e. employees or physical access controls)
- Establishing a timeline to determine how long it took the data to be compromised and the length of time it was exposed
- Analysing the network configurations to determine if the security breach affected other systems throughout the company
- Reviewing how cardholder data is stored and controlled
- Remediation actions required to prevent reoccurrence.

This is yet another aspect of PCI DSS compliance where IRM is qualified to advise. IRM is already a QSAC (Qualified Security Assessor Company), has multiple consultants with QSA (Qualified Security Assessor) status and is a PABP (Payment Application Best Practice, soon to be PA-DSS) meaning the company can help any business that is affected by PCI whether they are looking to become PCI compliant, require an audit to ensure ongoing PCI compliance, or need help with remediation after a security breach. IRM was one of the first companies in the UK to realise that PCI compliance would affect a broad range of businsses and we continue to ensure that we keep up-to-date with the latest news, knowledge and skills to be able to help clients wherever they find themselves on the road to PCI compliance. Please feel free to contact IRM should you have queries about any PCI-related issue.

 

About IRM: Information Risk Management Plc (IRM) is a vendor independent information risk consultancy, founded in 1998. IRM has become a leader in client side risk assessment, technical level auditing and in the research and development of security vulnerabilities and tools. IRM is headquartered in London with Technical Centres in Europe and Asia as well as Regional Offices in the Far East and North America.