Monday, September 20, 2010

ComplianceHome: FFIEC News

You are viewing RSS feed from
http://compliancehome.com/rss/news-FFIEC.xml

SecureWorks' New Compliance Central Service Streamlines the Governance, Vendor Risk Management and Compliance Lifecycle of Organizations
SecureWorks, Security-as-a-Service provider, has launched a new service called Compliance Central, aimed at simplifying and automating the vendor risk management process. Organizations that have affiliates like vendors, service providers, franchisees, channel partners, electric distributors, etc. can use Compliance Central to develop and administer self-assessment questionnaires, which their affiliates can use to attest to security policies and procedures they have in place. Compliance Central will house all their compliance documentation in a centralized, secure portal. This new service provides clients with a cost-effective way of managing workflow for thousands of affiliates. Additionally, when affiliates have to facilitate communication with their managing organizations, complete questionnaires or upload documentation attesting to their security policies and procedures, Compliance Central will allow them to do so with ease and confidentiality.
Have Questions About Payment Card Industry (PCI) Compliance? Sign up and Join the PCI DSS Forum
Payment Card Industry Data Security Standards compliance, commonly known as PCI DSS to many, is fast becoming a mandatory requirement for many merchants, service providers, and other third party processors and providers that are directly involved in the processing, storage, or transmission of transaction data or cardholder data. The who, what, when, where, and why of PCI DSS compliance can be daunting at times, as a vast amount of information must be read, comprehended and distilled for truly understanding the dynamics of Payment Card Industry Data Security Standards (PCI DSS) compliance.
CorreLog Correlation Server: Now Available for Public Download and Trial
CorreLog announced the public release of its flagship product, the CorreLog Server, which provides high-speed, real-time correlation of message data. Previously, this software has been available only to selected partners of the company. The complete CorreLog system is now accessible for general public download from www.correlog.com, for installation on Windows 2000, 2003, 2008, XP, and Vista platforms. The CorreLog Server performs high speed, real-time correlation of syslog, SNMP trap, and Windows event log messages using a unique semantic correlation algorithm. The server then takes specific action on the correlated results, such as by opening trouble tickets, running notification programs, or executing recovery and reporting programs. This permits the system to operate as a stand-alone message aggregator, and also serve as the correlation component in a larger management strategy.
Skybox Security First IT Risk and Compliance Management Vendor to Support Juniper Networks Network and Security Manager (NSM) API
Skybox Security, provider of automated risk and compliance management software, announced support for Juniper Networks' new Network and Security Manager (NSM) API. The combined solution enables enterprises to maximize their investment in Juniper firewall security to lower compliance costs, eliminate configuration errors, and reduce IT risk exposure. In addition, the combination provides significant CAPEX and OPEX savings in the areas of: firewall rule optimization, configuration and compliance assurance, change assurance, compliance audit, and network access policy management.
Application Security Is Top of Mind as Evidenced by Ounce Labs Record Growth in 2008
Ounce Labs announced a surge in growth with a revenue increase of 195 percent in 2008 over 2007. Continued customer adoption and expansion of existing customer installations contributed to Ounce's success in 2008, while in the second half of 2008 the growth was further fueled by the company's new pricing model which lowers the traditionally high entry-point for static application security testing. "We grew by nearly three times over our revenue growth in 2007. That, coupled with bookings growth of 98 percent in the second half compared to the first half of 2008, is a testament to the growing awareness that organizations need to minimize and control risk through static application security testing," said Ounce Labs' CEO, Gary Jackson.
SecureWorks Upgrades Managed Log Retention Service with New, Proprietary LogVault(TM) Appliance
SecureWorks announced that it has upgraded its Managed Log Retention Service with the launch of its own proprietary log retention appliance, LogVault. One of the key benefits of using SecureWorks' LogVault appliance and Managed Log Solution is that it gives organizations an affordable, fully managed alternative to the log management products currently on the market. SecureWorks' upgraded Managed Log Retention Service provides a robust solution to organizations for aggregating and archiving all relevant logs, as required by regulations such as PCI, GLBA, NERC and HIPAA.
Edgeos, Inc. Introduces New Month-to-Month Pricing Model For Private Labeled Vulnerability Assessment Services Offering
Edgeos, provider of private labeled, managed vulnerability assessment services, announced today that it will add a new month-to-month based pricing model to its existing suite of managed vulnerability assessment services. This new flexible pricing plan enables smaller technology services providers to start offering vulnerability assessment services without having to commit to a monthly minimum at the outset. This new offering supplements Edgeos' existing subscription-based, software-as-a-service offering, which provides technology service providers, managed services providers, security consultants and security services providers, internal IT/IS organizations, value added resellers, carriers, ISPs, and systems integrators with private labeled vulnerability assessment services on demand.
QBS Leads Global Retailers PCI Compliance Program
Representatives of QBS, a consulting services firm providing technology and management solutions, announced today the successful transition of a multi-faceted Payment Card Industry (PCI) Compliance program, including the implementation of an industry first payment terminal solution. QBS recently completed the final program transition with Regis Corporation, the industry's global leader in beauty salons, hair restoration centers and cosmetology education. QBS provided program management, project management and strategic leadership to Regis during the entire compliance program, from initial strategic planning through implementation.
ASI Meets PCI-DSS Self-Assessment Validation Type Five for iMIS
Advanced Solutions International (ASI), the leading global provider of web-based solutions for associations and non-profits, has obtained level five service provider compliance with the Payment Card Institute Data Security Standards (PCI-DSS) in support of its iMIS solution. ASI conducted the self-assessment process of review and implementation of policies, procedures and technologies to meet the 2009 PCI Compliance requirements. Level five is the highest level, and applies both to iMIS and to ASI hosting services. The PCI-DSS is a set of comprehensive, self-assessment standards developed by the PCI Security Standards Council to reinforce credit card payment data security, and facilitate the adoption of consistent measures by merchants, third-party technology providers and any organization that stores, processes or transmits cardholder data.
iStream Financial Services' Anticipation of Risk Management Related to Remote Deposit Capture Pays Off
iStream Financial Services, Inc., a financial technology company in the business of managing payments, announced today the company's systems, policies and practices are on target with the FFIEC's newly-released guidelines for risk management for Remote Deposit Capture (RDC). "These new risk management guidelines from the FFIEC are critical guidelines for examiners, business owners, banks and technology providers as many of the solutions out there aren't as secure as they could be. Based upon our experience in payments, we anticipated and appreciate the need for these controls. That said, we've worked hard to ensure the reliability of our systems and procedures surrounding our solutions. The completion of our SAS 70 Type II specific to RDC processes is just one way we have proved our commitment to our customers," said Fred Joachim, President, iStream Financial Services.
Cymtec Systems Unveils Industry's First SaaS-Delivered and Highly Cost-Effective Intrusion Detection Solution
Cymtec Systems, provider of tools that help companies optimize network performance and fulfill the rigorous audit and compliance standards imposed on today's organizations, today announced availability of Cymtec Scout 3.0, the latest version of its flagship Intrusion Detection Solution (IDS). Cymtec Scout 3.0 provides powerful threat detection capabilities with a unique plug-and-play Software-as-a-Service (SaaS) delivery model. With no resource dedication to maintain the solution, Cymtec Scout 3.0's unique architecture significantly reduces an organization's cost of protecting its network assets and complying with today's rigorous audit/compliance reporting standards, despite the faltering economy and reduced IT budgets.
Xceedium Teams With RSA To Provide Interoperable Authentication And Policy Enforcement Technology
Xceedium, provider of entitlement management solutions that control high-risk users, announced that it has joined the RSA Secured Partner Program and RSA, The Security Division of EMC, has certified interoperability between Xceedium's GateKeeper and the RSA SecurID two-factor authentication solution. This certification formalizes a technical partnership with RSA and allows joint customers to leverage Xceedium's comprehensive entitlement management solution to manage access to network resources for high-risk users through the use of RSA SecurID two-factor authentication technology.
INetU Earns PCI Compliance & Visa Certification For Managed Hosting
INetU Managed Hosting (www.inetu.net) has been recognized as a PCI certified managed hosting service provider by Visa. Trustwave, a Qualified Security Assessor specializing in the Payment Card Industry Data Security Standard (PCI), has completed an audit of INetU's network and hosting service and delivered a Report On Compliance (ROC) confirming INetU's status as a PCI compliant service provider. Visa has accepted INetU's ROC and certified INetU as a PCI compliant hosting service provider. What is remarkable about INetU's PCI compliance is that the assessment covered the company's managed hosting practices. Most hosting companies that achieve PCI compliance do so only on a collocation service level.
CoSentry and Alegent Health Announce Collaboration for Construction of an Enterprise-Class Data Center
CoSentry, provider of data center and managed technical services, and Alegent Health, one of the nation's premier healthcare providers, announced formation of a joint venture to construct and operate an enterprise class data center in Papillion, Neb. The Midlands Data Center will provide the high availability requirements of Alegent Health's hospital and clinical applications along with other security requirements for the electronic storage and retrieval of vital medical records. This state-of-the-art facility will also address the high-density, high-availability computing requirements for many of the region's public and private organizations served by CoSentry. By combining the data center requirements of CoSentry and Alegent Health, significant economies of scale will be realized in construction costs, cooling and electrical infrastructure investments as well as on-going operational expenses especially in the area of energy utilization efficiencies.
Fortrex Technologies Responds to the Credit Union National Association's Due Diligence Task Force's Third-Party Management Guide
Fortrex Technologies, provider of IT security, operational risk and compliance solutions, announced a response to the Credit Union National Association's (CUNA) due diligence task force's third-party management guide. "CUNA did a fantastic job creating the extensive vendor management due diligence guide. It will be very helpful for credit unions to identify the key features and functionally necessary when they are ready to purchase a vendor management technology solution," said Mike Edison, Chief Executive Officer, Fortrex. "CUNA's guide documents the functionality that has been in our market leading VendorPoint product for years. The identify, measure, monitor, and manage philosophy of vendor due diligence has been the cornerstone of VendorPoint since it was brought to market in 2005."
ClearPoint Metrics and LogLogic Connect to Provide Comprehensive IT Risk Management Solution
ClearPoint Metrics, the IT and Information Security performance metrics company, announced the availability of data connection capabilities between ClearPoint's Security Performance Manager and LogLogic's Compliance Suites. LogLogic Compliance Suites offer a window into all user activities across an organization's IT infrastructure and provide a real-time view of adherence to multiple regulations and standards. With ClearPoint's new data adapter, LogLogic's enterprise customers can leverage ClearPoint's security performance management solution to obtain advanced metrics on internal IT security initiatives and cost effectively communicate the state, quality, and effectiveness of their initiatives throughout the organization.
Aruba Networks Introduces PCI Compliance Reporting in New AirWave Wireless Management Suite 6.2
Aruba Networks announced the release of AirWave Wireless Management Suite 6.2. The new management suite includes Payment Card Industry (PCI) Data Security Standard (DSS) compliance reporting. The PCI standard defines security guidelines for merchants and service providers that store, process and transmit cardholder data. The newly introduced in-depth compliance reporting feature evaluates individual managed devices against several PCI requirements to validate that safeguards are working as intended. The report also summarizes any intrusions detected by the wireless intrusion protection system, as well as any detected rogue wireless access points.
PETCO to Present New In-Store Mobility and PCI Compliance Solution Using Aruba Networks at NRF Big Show
Aruba Networks, a global leader in wireless LANs and secure mobility solutions, announced that J Smith, Vice President of Network & Store Systems at PETCO Animal Supplies, Inc., will present at the National Retail Federation's 98th Big Show on how PETCO has deployed new Aruba-based in-store mobility solutions to achieve PCI compliance and reduce costs. The presentation, titled In-Store Mobility Done Right: Improving Processes in a PCI-Compliant & Cost-Effective Manner, will be delivered at 10:30 a.m. on January 13, at the Big Ideas session at the Jacob K. Javits Convention Center in New York City.
PCI Compliance Provider, ControlScan Announces CEO Joan Herbig will join the Electronic Transactions Association's Risk and Fraud Committee
ControlScan (controlscan.com), provider of PCI compliance and security solutions exclusively focused on small merchants, announces Joan Herbig's appointment to the Electronic Transactions Association's (ETA) Risk and Fraud Committee. Since ControlScan is exclusively focused on helping smaller merchants achieve PCI compliance and become more secure businesses, Joan has a unique perspective on this segment of the market and its impact on the broader industry. As Chair of the Technology Association of Georgia, Joan also understands how to get things done on a grassroots level, which is critical for our committee. I am looking forward to participating on the Risk and Fraud committee. My key objective is to help make complex issues simpler to understand, particularly for small companies who are struggling to understand and prove compliance with PCI standards.
Aria Systems Selects Tripwire Enterprise for Configuration Control
Tripwire has announced that Aria Systems has selected Tripwire Enterprise to help it comply with the Payment Card Industry Data Security Standard (PCI DSS). Tripwire's configuration assessment and file integrity monitoring solution allowed the company to successfully achieve PCI certification while enabling its staff to focus on projects that generate more business. "Tripwire's experience with PCI enabled us to focus on hardening our systems rather than interpreting PCI requirements. Judging by the assessor's response, we got it right," said E. Barry Smith, Chief Financial Officer at Aria Systems.
e-DMZ Security Signs World-Wide Purchase Agreement with Leading Bank
e-DMZ Security, provider of Privileged Access Control Solutions, announced that it has signed a world-wide purchase agreement for the global deployment of Password Auto Repository (PAR) with another top 10 bank. This win extends PAR deployment to now include 5 of Forbes 2008 top 7 ranked banks. "This win once again validates that for shared account password management, our Password Auto Repository continues to be the product of choice for many of the world's largest enterprises," said Martin Ryan, Vice President of Sales at e-DMZ Security. "We continue to have a very high win percentage when opportunities are competitive as was the case in this win. When companies take the time to evaluate PAR against other solutions, they realize PAR is not only more cost effective, it has proven scalability and is able to extend beyond privileged password management to include privileged session management, control and recording."
Magensa Makes Online Shopping and Banking Faster, Easier and Safer with the New QwicKey Portable Online Security Device
Magensa, a premier authentication solutions provider, announced the launch of QwicKey, a new portable online security device that delivers superior password management, automated form completion and one-click login. Working with a secure magnetic stripe reader, browser software and the existing magnetic stripe cards in consumers' wallets (credit cards, payment cards, many state licenses, insurance cards and other forms of identification), QwicKey enables consumers to quickly, accurately and safely use their personal information without risk. Consumers today use a password and user name for just about every secure transaction they perform. However, some consumers put themselves at risk by using the same user name and password on all of their sites, opening themselves up to massive damages if there is a security breach. Other consumers are faced with remembering countless user names and passwords that often interfere with online transaction processing, which can already require a substa
IGT Awarded The First PCI DSS 1.2 Certification
IGT, a pioneer in travel technologies and services, received the coveted PCI DSS 1.2 certification from leading PCI DSS QSAC, ControlCase. IGT is the first Travel BPO Organization to become PCI DSS 1.2 compliant. It has successfully met the newest version of the Payment Card Industry Data Security Standard (PCI DSS) compliance requirements. ControlCase conducted a meticulous audit process of IGT's security measures used in protecting e-commerce customers and their data involving travel transactions. ControlCase awarded IGT with the PCI DSS 1.2 compliance rating after IGT met the 259 Requirements (grouped into 12 broad categories) that make up the control objectives. Data security continues to be a concern for customers making payments over the internet. IGT supports millions of travel transactions annually and enables consumers to make travel purchases in a highly secure manner both online and remotely.
nCircle Signs New PCI Partnerships
nCircle, provider of automated security and compliance auditing solutions, today announced 4 new PCI partnerships: Datassurant of Reston, Virginia, Sacramento Technology Group LLC of Folsom, California, American Technology Corporation (ATC) of St Louis, Missouri and RavenEye of Tampa, Florida. All partners will be using the nCircle Certified PCI Scan Service(TM) as a component of the PCI compliance services they deliver to their customers. The nCircle Certified PCI Scan Service -- based on nCircle's market-leading auditing technology used by more than 4000 customers worldwide -- delivers an end-to-end automated PCI compliance certification service to accurately evaluate a merchant's payment network, prioritize and address vulnerabilities based on the PCI Data Security Standard and generate the required report certifying compliance efficiently and cost-effectively.
Skybox Security Joins PCI Security Standards Council as Newest Participating Organization
Skybox Security has announced that it has joined the PCI Security Standards Council as a new participating organization. As a Participating Organization, Skybox Security will work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards. Skybox is the first and only network compliance and assurance vendor to support the PCI DSS V1.2 standard released in October. Through its participation, Skybox aims to advance the automation of assessments and compliance processes for network-related PCI requirements - some of the most difficult for enterprises to enforce due to high complexity and labor costs. The PCI DSS, endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity. More information on the c
Monext Chooses Verizon Business Security Solutions to Support Delivery of Industry-Compliant Bank-Payment Services
Verizon Business' Professional Services Will Enable Certification of Monext's Processing System
Monext France (formerly Experian), a pioneer of e-commerce transactions, has entrusted Verizon Business Security Solutions to help the company's online bank-payment processing system meet industry standards for protecting confidential data. Verizon Business provides professional services support and expertise to obtain Payment Card Industry Data Security Standard (PCI DSS) certification for Monext's processing system, Payline.
Largest Home Health Care Organization Chooses LogLogic to Protect Patient Records and Achieve Hat Trick Compliance
LogLogic, the log management leader, announced today that Visiting Nurse Service of New York, the nation's largest not-for-profit home health care organization, has chosen LogLogic to supply its mid-market log management system. LogLogic's mid-market log management and intelligence appliance will enable Visiting Nurse Service of New York (VNSNY) to protect patient records and credit card information for more than 131,000 patients throughout New York City and Westchester and Nassau Counties. During the average day, VNSNY provides home healthcare services to between 30,000 and 35,000 clients and generates an enormous quantity of data, all of which must be tracked, securely stored and easily retrieved.
Skybox Security Updates Firewall and Network Compliance Auditor Products For New PCI Standard
Skybox Security, pioneer in automated risk and compliance management software, announced the general availability of Skybox Assure(tm) version 4.1 composed of two products: Firewall Compliance Auditor and Network Compliance Auditor. The new release enables enterprises to automate their assessment and compliance processes for requirements 1, 6, 11 and 12 of the Payment Card Industry's Data Security Standard V1.2 (PCI DSS). With Skybox Assure 4.1, enterprises can eliminate today's manual approach to assessing the compliance of their networks against PCI requirements. Through automation, analytics, modeling and what-if prediction, enterprises can maintain compliance with the PCI DSS requirements on a daily basis or on an ad-hoc basis, while freeing expensive resources to other critical tasks. Customers report a dramatic reduction in cost while achieving a high degree of compliance.
Modulo Hosts Free Webinar on Compliance with PCI Security Standards
Modulo, provider of IT Governance, Risk and Compliance solutions, is offering a Free Webinar, Comply with Evolving PCI Security Standards & Compliance Mandates, to be held on December 11, at 2pm (EST). This complimentary event will be presented by Bob Russo, General Manager of the PCI Security Standards Council. All organizations that process, store, or transmit payment card data must follow PCI DSS requirements. The webinar is designed for IT staff members directly responsible for overseeing and managing assessments and audits associated with this standard. The event will feature Bob Russo as well as Modulo's John Ambra, North American Regional Manager, and Ron Radcliff, VP of Sales.
eCommLink Among First Companies to be Certified Compliant on PCI DSS Version 1.2
eCommLink, a prepaid processor, has successfully passed its annual Payment Card Industry Data Security Standards (PCI DSS) audit and is an early adopter of version 1.2 of the guidelines, which was just released and not required until January 1, 2009. "Security is an integral part of everything we do and a core philosophy of our business. Being one of the first to certify on the new standard is just a further demonstration of our commitment to maintaining the security of our systems and our clients' data," stated Victor Newsom, Senior Vice President of Operations, eCommLink.
New Mobile Retail Platform Achieves PCI Compliance
New West Technologies, Inc. has announced its Mobile Retail Platform (MRP) has been approved by VISA to be Compliant with PCI Standards. Payment Card Industry (PCI) compliance is a complex and ever evolving subject affecting millions of businesses - acquiring banks, Independent Sales Organizations (ISOs), processors, hosts, shopping carts, e-commerce and retail merchants and other merchant services providers.
VirtualLogger Announces VirtualVault Security Enhancements for Call Centers
Because security breaches can lead to fraud, identity theft, and financial and legal pain for the business that allows them, data security has become a critical component for call centers. VirtualLogger has designed VirtualVault, a secure data handling program to support this important business imperative. Every call center that handles credit card transactions must meet the requirements of the Payment Card Industry (PCI) data security standards. Health care companies must comply with Title II of HIPAA to control fraud and abuse. And on January 1, 2009, every business storing personal information on Massachusetts residents must adhere to that state's standards, which include encryption, secure passwords and other measures.
Avis Europe Selects Tideway to Power Change Control for IT Compliance
Tideway, one of the fastest growing providers of IT automation software, announced that Avis Europe has selected Tideway Foundation to enhance change control and validation in its distributed data center environment. The implementation will help Avis meet audit and compliance requirements, provide decision support and reduce the risk of service outages due to unplanned or improperly implemented changes. Foundation will provide Avis with detailed and continuous information on what changed in their infrastructure, allowing them to reconcile and drill down on specific changes, identify unauthorized activity and confirm all changes follow the appropriate change management process. Foundation's new user-defined, shared dashboards will provide a fast, rolled-up view of changes in Avis' IT environment.
Global DataGuard Announces Partnership with EIS Data Systems for Network Behavior Analysis-Based Enterprise UTM and Managed Services
Global DataGuard, the premier provider of network behavioral analysis-based (NBA) Enterprise Unified Threat Management for small and medium business to large enterprise environments, today announced a partnership with EIS Data Systems, whereby EIS will offer Global DataGuard's fully integrated Enterprise UTM security suite and Managed Services to government, education and private-sector businesses in the southeast United States. Headquartered in North Carolina, EIS Data Systems offers design, installation and implementation of a wide range of network technology products and services to enterprise businesses and local and state government in the Southeast United States, with a special focus on the needs of the education community in that region. At EIS, we believe that it is important to provide not only a quality solution, but back it with installation, training and support as well, said Sherry Johnson, president of EIS Data Systems. We chose to partner with Global DataGuard because ou
Achieving Compliance and Realising Cost Savings
Innovation Software Consultants has launched 'Tracesoft' - a quality management tool to meet the demands of British Retail Consortium (BRC) Global Standards for those supplying major retailers. "The Global Standards represent 'best practice' for food, non-food and packaging materials suppliers," explained Innovation Software Consultants' Stephen Mumby. "It is a gauge against which manufacturers of not just retail brand/own brand products but also branded products, are evaluated - so is critical for these organisations."
eMeetingsOnline Proves Compliance and Realizes Operational Efficiency With Tripwire Enterprise
eMeetingsOnline, a Denver-based company that offers a web-based, single-source solution for the conference management and travel industries, has selected and implemented Tripwire Enterprise, the leading configuration control and change auditing solution. eMeetingsOnline chose Tripwire Enterprise to help it quickly prove and maintain PCI compliance. As a result, the company experienced a reduction in the costs involved in ongoing PCI audits and enhanced operational efficiency in its IT department.
XProtean Solutions Achieve PCI Compliance
XProtean, provider of Integrated Retail Management Solutions for small format retailers including the fast-growing segments of Convenience and Fuel Retail, and Quick Serve Restaurants, announced that their QSR and Convenience Store Solutions achieved PCI compliance. The PABP audit was performed by Coalfire System, Inc, a Visa-approved independent quality service assessor. Adherence to the PCI data security standard is required of all merchants/service providers that store, process or transmit credit/debit card data. PCI security requirements are intended to protect consumers wherever their data resides. With these standards in place, the onus now lies on the merchant to ensure their business operates in a compliant manner. Hence, moving forward, in order to comply with all the PCI DSS requirements, merchants will have to use PABP compliant POS solutions.
RegScan Revolutionizes Regulatory Compliance with RegScan GCS 2.0
RegScan announced its new, industry-leading regulatory compliance service, RegScan GCS 2.0. With new patent-pending technology and more than 15 new tools, RegScan has revolutionized regulatory compliance. Parallel Topical Search (patent-pending) enables users to simultaneously research Federal and state regulations by common sense topical areas. By enabling users to look at the Federal and state regulations by topic in a side-by-side format, a user can quickly and easily determine if there is any regulatory difference and what that difference is. RegScan GCS 2.0 has also changed traditional searching by creating easy-to-use interfaces for both the power and the occasional user.
Global SOX Compliance: Finding Common Ground Reduces Cost, Effort
Compliance pressures are growing in today's international economy. Enterprises must abide by an increasing number of global and regional regulations and standards, interpret sometimes vague guidance, and adjust quickly to regulatory updates as well as new interpretations of existing regulations. However, if compliance management is unified and controlled, it offers the opportunity for improved operations and might just help you get out of that special level of Dante's IT hell that SOX has created. Network Frontiers, the leader in IT regulatory compliance management, today announced the release of the Q4 2008 Unified Compliance Framework (UCF), an independent database that distills the requirements from hundreds of regulatory standards into one cohesive information source, significantly easing enterprise regulatory compliance efforts.
VMware is Joining PCI Security Standards Council as Participating Organization
VMware, the global leader in virtualization solutions from the desktop to the datacenter, announced that it is joining the PCI Security Standards Council. As a participating organization, VMware will work with the council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards. This will help those VMware customers in the retail industry who are required to meet these standards to remain compliant while leveraging VMware virtualization. VMware has also launched the VMware Compliance Center Web site, an initiative to help educate merchants and auditors about how to achieve, maintain and demonstrate compliance in virtual environments to meet a number of industry standards, including the PCI DSS.
Solidcore Announces First Integrity Monitoring and PCI Compliance Solution for IBM 4690 Retail POS Environments
Solidcore Systems announced its Integrity Monitoring Solution for IBM 4690 point of sale (POS) environments. The solution is the first of its kind to monitor and alert on changes to IBM 4690 POS Controllers, which provide both the application and operating system images to the client terminals in many of today's retail environments. IBM 4690 systems represent a large install-base of retail POS systems and Solidcore's capabilities for monitoring the integrity of these systems will help retailers using these systems to quickly verify Payment Card Industry (PCI) compliance. According to Greg Buzek, president of the IHL Group, IBM 4690 POS terminal sales drove $1.02 billion in hardware, software, and maintenance in 2007, and there is a significant installed base within the category of superstores/warehouses and mass merchants that rely on this operating system with 64% of the installed base.
Brabeion Releases ROI Guidance to Support Risk and Compliance Cost Cutting While Meeting Increasing Regulatory Demands
Brabeion Software, a market proven provider of IT Governance, Risk and Compliance (IT GRC) Management software, today released an executive brief aimed at supporting enterprise cost cutting initiatives, while meeting increasing regulatory demands. Faced with the 2008 financial crisis, companies are being forced to reduce costs while preparing for an impending increase in regulatory demands. As such, organizations must improve the operational efficiency of their risk and compliance initiatives while providing a scalable framework on which to build and run their risk and compliance program.
TriGeo Network Security Expands International Reach With Phoenix Datacom Partnership
TriGeo Network Security, provider of security information and event management (SIEM) technology for midmarket enterprises, is aggressively expanding its international presence to meet increasing demand for its Security Information Manager (SIM) solution. The company's strategic partnership with Phoenix Datacom, a leading supplier of network performance and security solutions in the UK and Ireland, provides easy access to the industry's only real-time log management and compliance solution that can actively defend the network.
Major Utility Chooses LogLogic To Help It Meet Regulatory Requirements
LogLogic, the log management leader, announced that Ameren Corporation, one of the nation's largest investor-owned electric and gas utilities, has chosen LogLogic to supply its enterprise-class log management system. LogLogic's log management and intelligence solutions will allow Ameren to meet government regulatory requirements and improve real-time reporting and problem alerting by collecting user activity logs across a multitude of computer systems inside the company.
The Body Shop Selects LogLogic for Global PCI DSS Compliance and Log Management Requirements
LogLogic announced that global retailer The Body Shop has selected its log management and intelligence solution for global PCI DSS compliance support. To meet industry regulation targets (set by VISA and MasterCard) for securing customer payment card information and to improve security best practices, The Body Shop will use the LogLogic solution to gain visibility of security events within the infrastructure environment where it handles, processes and stores credit card holder information. Through out-of-the-box standard PCI reports and fully customised customer-specific reports, LogLogic will enable The Body Shop to verify processes automatically and protect the integrity of log data for purposes of attestation and litigation. In addition, the reports provide a significant reduction in risk by delivering real-time, automated alerting on policies and controls.
MLSListings Launches Strong Authentication System
MLSListings, a Silicon Valley-based regional Multiple Listing Service (MLS), announced the launch of an innovative online security initiative featuring the A-OK On-Demand service from Arcot Systems. Selected for its ease of use and powerful capabilities, the A-OK On-Demand service transparently protects the identities and data of MLSListings' users. MLSListings is using this solution for user identity verification as part of MLS data security initiatives. Similar to security used in the online banking industry, MLSListings' deployment of the A-OK service simply requires a user to select 4 validation questions and answers that may be used at a future time to verify the user's identity. Behind the scenes, the system provides multiple layers of protection including dynamic risk-based authentication and two-factor authentication completely in software.
TriGeo Partners With COMPUTERLINKS to Launch North American Channel Partner Program to the Midmarket
TriGeo Network Security, provider of security information and event management (SIEM) technology for midmarket enterprises, today announced its partnership with COMPUTERLINKS to deliver a comprehensive channel partner program in North America. COMPUTERLINKS is a global value-added distributor (VAD) with a strong heritage in security and IT infrastructure solutions.
Hypercom Introduces HyperSafe(R) Secure(TM) to Protect Cardholder Data
Hypercom Corporation introduced HyperSafe Secure, a solution that encrypts cardholder data during transaction processing so that sensitive information is never exposed. HyperSafe Secure is specifically designed to combat and halt the growing enterprise of criminal efforts to steal unencrypted cardholder data through breaches of merchant networks, applications and servers that store and transmit sensitive cardholder data.
MasterCard Worldwide Enhances PCI Merchant Education Program for PCI DSS 1.2
MasterCard Worldwide announced the availability of two new seminars designed to help merchants protect payment card data and reduce the likelihood of reputational risk and fraud. The new seminars are titled 'Data Storage' and 'PCI DSS Requirements -Version 1.2.' The seminars further expand MasterCard's PCI Merchant Education Program, an initiative offered to acquiring bank customers to provide practical assistance in educating merchants and encouraging broader adoption of the Payment Card Industry Data Security Standard (PCI DSS). With the addition of the two new seminars, there are now 14 Web-based, complementary modules featuring actionable advice from MasterCard and industry experts available online.
First National Bank of Gilmer Looks to Secure Identity Systems for Red Flag Compliance
First National Bank of Gilmer, serving Gilmer, Texas, today announced that it has chosen Secure Identity Systems to provide New Account Authentication and Change of Address Verification for all consumer accounts. These are two of the critical requirements for Red Flag compliance requiring all banks and financial institutions to formally address the risks of identity theft, and develop and implement identity theft protection procedures to mitigate those risks. Secure Identity Systems' New Account Authentication will help First National Bank of Gilmer take authentication beyond the standard two forms of ID. When a customer attempts to open a new account, SIS's solution instantly consults a series of databases, including the Social Security Administration, credit bureaus, and local property databases, for the most accurate and current information to authenticate the identity of the new account holder. SIS also provides USA Patriot Act compliance, checking customer ID information against O