The Payment Card Industry Data Security Standard (PCI DSS) is a set of
comprehensive data security requirements designed to protect the personal
customer account information of credit and debit card holders. Developed by
American Express, Discover Financial Services, JCB, MasterCard Worldwide and
Visa International to replace proprietary information security requirements,
PCI DSS is a multi-faceted security standard that defines twelve security
requirements—with multiple controls in each—to ensure adequate and
consistent protection for the data, networks, systems and software involved
in payment transactions. The standard includes requirements for written
information security policies, continuous compliance monitoring and both
internal and third-party security assessments.
All organizations that accept electronic credit card payments must comply
with PCI DSS requirements. PCI DSS also mandates more stringent security
requirements for certain types of organizations that process larger numbers
of payment card transactions. Failure to comply may result in fines—up to
$500,000 per incident—and the potential inability to process credit card
transactions.
The Business Challenge
As a very comprehensive standard, PCI DSS presents its first real challenge
in the breadth of its infrastructure coverage. The twelve requirements that comprise PCI
DSS span the IT infrastructure, calling for the monitoring and analysis of
data generated by all systems, network appliances and security solutions.
Therefore, an effective PCI DSS solution must collect and process a variety
of different types of data across the enterprise.
Processing includes the correlation, analysis and reporting of data. If
analysis fell to a few IT security analysts, or even an entire team, timely
response to important security or compliance risks would be nearly
impossible. Thus, to round out effective support of all twelve PCI DSS
requirements, automation is essential.
The eIQ Solution
eIQ’s SecureVue security, risk and audit management platform combines
enterprise security management (ESM) and IT governance, risk and compliance
(GRC) to help organizations address all twelve PCI DSS requirements. By
collecting, archiving, correlating, analyzing and reporting on log,
vulnerability, configuration, asset, performance and network behavioral
anomaly data, SecureVue merges the complex monitoring, testing and auditing
demands of PCI DSS and other standards into a single solution. The automated
end-to-end correlation of data—alongside built-in analytics—renders
processing an easily manageable task.
SecureVue’s comprehensive compliance library—containing over 5,000 technical
and functional controls—enables organizations to define, monitor and measure
PCI DSS compliance. The platform’s wizard-based policy mapping also allows
organizations to add and modify regulations and best practices to address a
broad range of unique business drivers, including internal practices,
service level agreements and business partner requirements.
The following PCI DSS monitoring support chart compares SecureVue’s
integrated platform against traditional security information management (SIM)
and IT GRC solutions:
[Chart: PCI DSS monitoring support comparison; legend: Supported, Partial Support, Not Supported]
For More Information
SecureVue Solution
Data Sheet: SecureVue PCI DSS Support
White Paper: Achieving PCI DSS Compliance
PCI Security Standards Council Website