Matrix Cyber Consulting is a Qualified Security Assessor (QSA) and Qualified PIN Assessor (QPA) service provider affiliated to the PCI Security Standards Council®
With offices in the United States and Brazil, MATRIX CYBER CONSULTING is a consulting firm specializing in risk and cyber security, compliance, forensic investigation, fraud prevention and penetration testing. It supports its clients in developing and reaching an acceptable level of maturity in cyber security controls, allowing them to focus on the execution and stability of their business.
MATRIX CYBER CONSULTING is also approved by the PCI Security Standards Council as a Qualified Security Assessor (QSA) and Qualified PIN Assessor (QPA), providing security and compliance solutions for organizations of all sizes, from local coffee shops to Fortune 500 companies.
The MATRIX consulting service helps our customers increase the maturity of their Information Security Management Systems (ISMS) by enhancing current controls, processes and documentation. This service extends to all processes related to the operation of daily activities to ensure an effective ISMS aligned with the client's business plan.
Specialized consulting services to support the definition, remediation and improvement of the architecture of the PCI environment, as well as its controls and processes, aligning business needs with the requirements of the PCI-DSS standard. This service extends to all the requirements of the current PCI-DSS.
Mapping and critical analysis of processes, policies and activities aimed at preventing fraud and money laundering. This allows the identification of vulnerabilities and supports the application of tools, methodologies and technologies that mitigate these failures, preventing and reducing the risks of diversion and fraud and their corresponding financial impact.
Development of Information Security policies aligned with international standards and norms such as ISO 27001, PCI-DSS, LGPD, GDPR, PLD, AML, SOX, etc. This activity aims to develop policies aligned with the company's business, resulting in more consistent processes and in a reduced risk of incidents in the environment.
Training content focused on helping attendees understand the responsibilities and objectives of the PCI-DSS standard, the routine processes required to obtain and maintain PCI-DSS certification, and how to use current controls to support Cybersecurity and Compliance needs.
Evaluation of compliance with the requirements of the current PCI standard according to the current situation of the company, in order to identify the applicable controls. As part of the PCI analysis, MATRIX will present compliance indicators and recommendations for addressing the points that require adjustment.
Evaluation of compliance with the PCI-DSS standard for international certification of the payment card environment. This process is performed by a QSA certified consultant endorsed by the PCI SSC and is applicable to all PCI level 1 Merchants and Service Providers.
This is a process for evaluating compliance with the PCI-DSS standard, based on the SAQ applicable to the business segment in question. Our process is performed by a QSA certified consultant endorsed by the PCI SSC and is applicable to all companies from level 2 to level 4 of the PCI-DSS.
The ISO 27001 evaluation process aims to assess the context of the organization and recommend the implementation, maintenance and improvement of the maturity level of the Information Security Management System (ISMS). This process is performed by an ISO/IEC 27001 certified lead auditor.
MATRIX offers monthly follow-up with the support of a QSA to help its clients maintain PCI-DSS compliance. This follow-up includes a review of routine activities required by the PCI-DSS standard and test sampling of other processes that support the security of the payment environment.
Risk Analysis for a well-defined scope based on ISO 27001, ISO 27005, PCI-DSS and/or cyber security best practices. This assessment aims to identify threats, vulnerabilities and potential negative impact on the business and on the information of customers, employees or service providers. The result of the analysis enables decision making, investments and adjustments based on the vulnerabilities of the environment.
Our penetration testing service is performed by simulating an attacker who is inside or outside the company and/or a customer-defined environment. These tests are carried out by experienced consultants who perform manual exploration based on the vulnerabilities identified during the discovery phase. The penetration testing methodology is based on NIST SP 800-115, OWASP and PCI standards.
We are providers of an ASV (Approved Scanning Vendor) solution, approved by the PCI Council, that offers different ways of implementation according to your particular infrastructure requirements, including cloud and containers.
The Cybersecurity Assessment service starts with a scope defined together with the client and seeks to identify threats, impacts, and deficient security controls and processes, measured against security best practices and established market frameworks such as ISO 27001, PCI DSS and NIST.
Forensic investigation to identify the source and scope of the compromise suffered, ensure the integrity of evidence and, if necessary, develop a remediation plan to reduce the risk of future attacks by improving the security posture of the environment.
The fraud investigation service focuses on understanding the case, as well as the entire process of determining and investigating fraud, evidence, corruption and financial crimes in companies of various segments, scopes and sizes. This activity covers the entire investigation cycle and supports the recovery of financial losses that have occurred, when possible.