| Title | Date Added | Company | Abstract | Tags |
|---|---|---|---|---|
| Achieving PCI Compliance For: Privileged Password Management & Remote Vendor Access | 2007-04-01 | e-DMZ Security | Though PCI compliance is not a government-driven requirement like Sarbanes-Oxley or HIPAA, non-compliance with PCI can have a devastating impact on any enterprise that relies on credit card transactions. The contract with the card brands requires the organization to comply with PCI, and non-compliance can result in specific contractual penalties and/or revocation of the enterprise's right to process credit card transactions. As with all compliance and regulatory requirements, no single product, policy or procedure will assure compliance: there is no silver bullet for PCI compliance. It requires the enterprise to deploy many security technologies and to have specific policies and procedures in place. | Security Management |
| How to Achieve Compliance With Payment Card Industry (PCI) Data Protection Clauses and Protect Against Data Breaches | 2007-03-29 | TIZOR | With the severity of recent data breaches, anxiety in the security and compliance community has reached a new high. Questions are being asked about what it means to be PCI compliant, particularly in the context of protecting data from breaches. This paper describes two PCI requirements for cardholder data protection: data auditing and data encryption. As mandated by PCI DSS Requirement 10, data auditing should provide detailed monitoring of all access to cardholder data as well as alerting on potential data theft. As mandated by Requirement 3, encryption should be used to render stored cardholder data unreadable to anyone who is not authorized. While these two capabilities are distinct, they can be synergistic. | Security Management, Data Recovery - Security |
| You Sure You Want to Charge That?: Is the PCI DSS Protecting You? | 2007-03-26 | Configuresoft | The Payment Card Industry Data Security Standard, or PCI DSS, was established to create a unified security standard for organizations that handle cardholder data, and its implications have grown as industry regulation has expanded. The standard groups its 12 requirements into six control objectives. The card brands enforce the PCI DSS, and penalties are harsh for merchants who fail to comply. This white paper outlines the six control objectives, of which many businesses may not yet be fully aware. | Security Management |
| Beyond Compliance: CA Enables the Enterprise to Meet Demands Today, Provides Flexibility for the Future | 2007-03-01 | IDG (International Data Group) | Security concerns abound today, complicated by both internal and external threats and an ever-growing list of mandated compliance requirements. Compliance is now an integral component of everyday business practice. As security and compliance issues merge with business objectives, organizational needs are growing beyond compliance. IDC sees regulatory compliance as the leading driver of identity and access management (IAM) market revenue in 2006 and expects this to continue in 2007. IDC anticipates that the overall IAM software market will exceed $4 billion in revenue by 2009. | Security Management |
| Citrix Solutions for Complying With PCI-DSS: Ensuring Protection of Web Applications and Privacy of Cardholder Information | 2007-03-01 | Citrix Systems | The Payment Card Industry Data Security Standard (PCI-DSS) is a global standard governed by the major credit card companies. The standard comprises a set of directives for entities that handle credit cards, with the goal of reducing fraud. PCI-DSS presents the framework for protecting sensitive cardholder and authentication data, and compliance brings financial benefits to organizations that achieve it. Citrix Application Firewall, along with other Citrix solutions, provides a strong platform for compliance with the PCI-DSS application security requirements and for overall protection of critical Web applications. | Security Management |
| Using ISO 27001 for PCI DSS Compliance | 2007-02-27 | Siemens | The Payment Card Industry Data Security Standard (PCI DSS) is not dramatically different from the requirements of the best-practice security standard ISO 27001. PCI DSS, however, does not mention any of the prerequisites of a management framework (management commitment, scope definition, security awareness training, ongoing improvement plans), whereas ISO 27001 omits much of the detail on how controls are actually implemented. One could therefore be forgiven for believing that MasterCard and Visa assumed PCI would supply additional security requirements sitting on top of an already established Information Security Management System (ISMS). | Security Management |
| Stock Spam: A Classic Scam | 2008-02-07 | MessageLabs | The "pump 'n' dump" stock scam has been around since the inception of stock sales. Today, however, after a series of fumbles by amateurs, serious Internet criminals are taking this scam to new levels, deploying it through images, PDFs, botnets and more. In this white paper you will learn more about the criminals' sophisticated tactics. You will also see how one particular stock scam in 2007 started from a simple e-card sent to an unsuspecting victim in Florida, and how it played out for thousands of people, with or without the protection of a MessageLabs Web Security Services solution. | Security Management, Security Tools, Spam - E-mail Fraud - Phishing, Best Practices |
| The Payment Card Industry (PCI) Data Security Standard (DSS) | 2007-02-05 | Treasury Institute | Accepting credit and debit cards is a fact of life at campuses nationwide. Hand in hand with card acceptance comes the responsibility to safeguard all transaction and consumer data. Unfortunately, education institutions, because of their open networks and occasionally inadequate security procedures, are particularly vulnerable to hacking and other compromises of confidential data: of the 321 information security breaches reported nationwide in 2006, 84 (26%) were at education institutions. This 26% share is particularly disproportionate when one considers that education represents only a small percentage of total payment activity nationwide. As a result, financial institutions and card issuers increasingly view education institutions as risky merchants. | Security Management |
| Regulatory Compliance and the IBM Mainframe: Key Requirements | 2007-02-01 | CA (Computer Associates) | Generally, a government regulation does not specify what technology is required in order to meet its requirements; many regulations do not even specify the details of an effective internal control. Administrators and compliance officers are therefore left to determine what methods they will use to meet the often vague requirements of each regulation. In the area of overall corporate governance, the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has become widely adopted. Although COSO covers a range of governance areas, there is little in the COSO framework regarding specific IT controls. | HIPAA |
| Practical Implementation of an ISO 17799-Compliant Information Security Management System Using a Novel ASD Method | 2007-01-31 | VTT | This paper discusses the practical implementation of the Agile Security Development (ASD) framework and presents a case study that reviews the process of building an information security management system using the framework. The case study sets out the action steps by which a small or medium-sized organization can apply the method. The ASD framework and its output are fully ISO/IEC 17799 compliant, but the framework takes the organization's actual management systems into account, so ISO/IEC 17799 certification need not be the ultimate target if the organization so chooses. The ASD framework supports auditing against the organization's own baseline, which might not be compliant with existing standards and industry-defined best practices. | Security Management |