About Matrix
With offices in the United States and Brazil, MATRIX CYBER CONSULTING is a cybersecurity consulting firm covering risk, compliance, forensics, fraud prevention and intrusion testing. It supports its clients in developing and maturing their cybersecurity controls, enabling greater focus on business execution and stability.
MATRIX CYBER CONSULTING is also approved by the PCI Security Standards Council as a Qualified Security Assessor (QSA) and Qualified PIN Assessor (QPA), providing customized compliance and security solutions for organizations of all sizes, from small businesses to Fortune 500 companies.
How can we help you?
Fraud Prevention and Investigation
Investigative Actions with Public Security Organs
The Investigative Actions with Public Security Organs service is performed together with our own or external legal support, applying all compliance and conformity rules and following the laws in effect. Its focus is the managed follow-up of external actions by highly qualified professionals, providing the authorities and legal offices with all the technical support on the case. This activity also includes support throughout the investigation cycle.
- Asset Recovery;
- Loss Prevention Intelligence Report.
Investigation of Suspected Compromise
The Investigation of Suspected Compromise service is focused on mapping the entire flow of capture, transport and settlement in the payment arrangement, as well as identifying possible improper collection or storage in the analyzed flow. This activity also includes support throughout the investigation cycle.
Payment Fraud Investigation
The Payment Fraud Investigation service is focused on mapping the flow of the payment arrangement, as well as identifying possible fraudulent actions in the flows identified, to identify points for improvement in the process. This activity also includes support throughout the investigation cycle, both in supporting the recovery of the financial losses incurred, and in identifying suspects when possible.
Corporate Fraud Investigation
The Corporate Fraud Investigation service is focused on the understanding of the case, as well as the entire process of verification and investigation of fraud, suspicions, corruption, and financial crimes for companies of various segments, scopes, and sizes.
Fraud Prevention
The Fraud Prevention service involves all ways of preventing fraudulent actions in the payment arrangement, whether in gateways, merchants, acquirers, brands, issuers, in addition to all logistical and technical processes that support the activity.
This includes:
- Development and maintenance of transactional and/or profile rules;
- Treatment and management of cases of suspected fraud;
- Specialized training in fraud prevention;
- Mapping and development of policies and processes;
- Physical evaluations in asset storage environment.
Workshops
We offer PCI-DSS, PCI-PIN, and Secure Development training to help you understand the responsibilities, standards, and routine processes required to achieve and maintain PCI certification, and how to use current controls to support your Cybersecurity and Compliance needs.
Hardening
Hardening is the process of ensuring that a computer or server runs with only the minimum necessary configuration, reducing its vulnerabilities and security gaps against a baseline that allows it to resist possible attacks.
Policies and Procedures
Development of Information Security policies aligned with international norms and standards such as ISO 27001, PCI-DSS, LGPD, GDPR, PLD, AML, SOX, etc. This activity aims to develop policies aligned with the company’s business, resulting in more consistent processes and reducing the risk of incidents in the environment.
Cybersecurity Assessment
The analyses cover a scope defined together with the client and seek to identify threats, impacts, and deficient security controls and processes, measured against security best practices and established market frameworks such as the NIST Cybersecurity Framework.
Vulnerability Scan Solution
ASV (Approved Scanning Vendor) Vulnerability Scanning Solution, approved by the PCI SSC, with several deployment options that facilitate implementation across different infrastructure models, including cloud and containers.
Vulnerability analysis
Evaluation and identification of flaws and potential security threats in a technology infrastructure, with the objective of anticipating cybersecurity problems that could harm the company’s operations.
Pentests
Intrusion testing, performed in a controlled and professional manner, including blackbox, whitebox, web applications, mobile, corporate systems, networks and environments. These tests are conducted by experienced consultants who perform the exploitation attempts manually, based on vulnerabilities identified during the discovery phase, the initial phase of the activity. The intrusion testing methodology is based on NIST SP 800-115, OWASP and PCI guides.
Cyber Risk Analysis
Risk analysis within a predetermined scope, based on ISO 27001, ISO 27005, PCI-DSS and best practices in cybersecurity. This assessment aims to identify threats, vulnerabilities and the potential negative impact on the business and on the information of customers, employees or service providers. The result of the analysis enables decisions, investments, and adjustments to be made based on the weaknesses of the environment.
PCI as a Service (PCIaaS)
MATRIX offers monthly monitoring by a QSA to assist its customers in maintaining PCI-DSS compliance. This follow-up includes a review of routine activities required by the PCI-DSS standard and evidence sampling of the other processes that support the security of the environment in scope.
ISO 27001 compliance
The ISO 27001 assessment process aims to assess the context of the organization and make recommendations for implementation, maintenance, and improvement of the maturity level of the Information Security Management System (ISMS). This process is performed by a professional ISO/IEC 27001 Certified Lead Auditor.
PCI-PIN certification
PCI-PIN compliance assessment process, for international certification of the environment that has contact with card data. This process is performed by a QPA consultant certified by the PCI SSC and is applicable to all companies that qualify as PCI-PIN.
PCI-DSS Level 2 to 4 Certification
Compliance assessment process for the PCI-DSS standard, based on the QSA applicable to the business segment in question. This process is performed by a QSA consultant certified by the PCI SSC and is applicable to all companies that qualify as PCI-DSS level 2 to 4.
PCI-DSS Level 1 Certification
PCI-DSS compliance assessment process, for international certification of the environment that has contact with card data. This process is performed by a QSA consultant certified by the PCI SSC and is applicable to all companies that qualify as PCI-DSS level 1.
PCI GAP Analysis
Evaluation of adherence to the requirements of the PCI standard in force, with the objective of identifying the applicable controls and whether they are in conformity with the security processes and controls carried out in the evaluated company. As part of the GAP analysis, MATRIX will present compliance indicators and recommendations for the adequacy of the necessary points.
Prevention and Treatment of Fraud
Mapping and critical analysis of processes, policies and activities directed at fraud and money-laundering prevention, enabling the identification of vulnerabilities and supporting the implementation of tools, methodologies and technologies that mitigate these failures, preventing and reducing deviation and fraud risks and financial impacts.
PCI – Payment Card Industry
Specialized consulting to support the definition, remediation and improvement of the PCI environment architecture, controls and processes, aligning business needs to the PCI-DSS and PCI-PIN requirements. This service extends to all requirements of the standard in force.
Cybersecurity
The consulting service helps MATRIX clients to increase the maturity of their Information Security Management System (ISMS), through the improvement of current controls, processes and documentation. This service extends to all processes related to the operation of the activities necessary to ensure an effective ISMS aligned with the client’s business plan.
Cyber Incidents Response
The Cyber Incident Response Service focuses on identifying threats, understanding your exposure, balancing your priorities, and establishing a comprehensive response that aligns expectations with a proactive strategy for managing emerging security and privacy threats. This service may include incident simulation with Pentest and malware evaluation for intelligence generation.
Outsourcing
MATRIX offers partial or total outsourcing of teams allocated to the client. The allocated professionals work in a committed manner, receive ongoing training, and are qualified to act in environments that involve different technologies and processes. In addition, all professionals are monitored by our Project Managers, who are responsible for the quality of the work and the definition of the allocation profiles. The consulting services can be provided remotely or in person.
vCISO
MATRIX’s virtual CISO (vCISO) service provides access to our experts, who are familiar with managing cyber and information security risks in all industries (banking, retail, healthcare entities, industries, etc.).
Vulnerability and Patch Management
Ongoing evaluation of the state of an organization’s operating systems and business applications that involves the identification, classification, and correction of information security vulnerabilities.
Events and Threat Management
Analysis of events generated by the different detection and protection systems that make up an organization's security architecture. Events are correlated so that threats are detected in advance and appropriate mitigation measures are generated.
SOC
The SOC is a managed security service that operates under a set of defined procedures and has the technology to monitor, analyze, respond to and prevent cybersecurity incidents on an ongoing basis. Its purpose is to ensure that all IT security and cybersecurity policies are in place, properly executed and regularly updated in response to threats.