Top PCI Forensic Investigator: SecureState Reveals 7 Basic Steps of PFI Investigation

Demystifying Incident Response to Ease the Pain of Data Breach Investigations

Oct 10, 2013, 08:57 ET from SecureState

CLEVELAND, Oct. 10, 2013 /PRNewswire/ -- SecureState, a management consulting firm specializing in information security, leverages their 11 years of experience when helping organizations investigate a potential data breach, as a Payment Card Industry (PCI) Forensic Investigator (PFI).  

(Logo: )

The PFI program establishes and maintains rules and requirements regarding eligibility, selection and performance of companies that provide forensic investigation services to ensure they meet PCI Security Standards. 

"This is a testament to our commitment to help clients bring their organizations to a secure state, and to the quality of our incident response capabilities," Ken Stasiak, SecureState CEO said. "I am excited to provide our support to companies who have experienced a card holder data breach by helping to ease their frustration and guide them through a difficult process."

Organizations typically have a week to respond to a request to have a PFI determine how a data breach occurred. The PFI's goal is to determine if there is any evidence of vulnerability that allowed the breach to happen.

"We meet with companies and walk them through the entire process, so they know just what to expect from the investigation," Stasiak said. "Our goal is to review the evidence, determine how the breach happened, contain the threat and help the organization move forward."

Basic Steps of a PFI Investigation: (for more details read "Responding to a Data Breach Notification")

  1. Determine the scope of the environment where the breach occurred. 
  2. Collect Evidence 
  3. Preliminary Report 
  4. Analysis 
  5. Containment Strategy 
  6. Containment Verification 
  7. Final Report

Throughout this process, additional credit accounts may be compromised or more could be reported stolen. The merchant bank may impose fines and other penalties on a company, including making them conform to stricter guidelines established by PCI DSS.

About SecureState:

With the goal of making the world more secure, SecureState provides premier management consulting services for companies internationally. The SecureState team is comprised of several specialties to solve complex business problems including: Advisory Services, Audit & Compliance, Profiling & Penetration, Privacy, Risk Management, and Incident Response.

Anthony Hardman
SecureState Public Relations
(216) 927-8245 

SOURCE SecureState