Data Sheet For Erg

460 views

Published on

Data Security Standard Compliance Readiness Review

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
460
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Data Sheet For Erg

  1. 1. Data Sheet: Middleware Security Services Evans Resource Group™ Data Security Standard Compliance Readiness Review Providing organizations with expert advice and gap analysis of existing practices compared to the Payment Card Industry (PCI) Data Security Standard and is applicable to Sarbanes Oxley, HIPAA, FISMA and Gramm Leach Bliley Overview to mis-configuration. This is an area (Middleware) that up until recently has not Have you heard of the Hannaford breach? been audited properly for regulatory Most companies and auditors don’t compliance, yet based on recent breaches is understand how it could happen. If the now under scrutiny. perimeter is secure, how can a hacker possibly get in? After all, they were ERG works with an Authorizing considered PCI compliant… We want to Officer (CCO, CISO, CFO, etc.) and/or take a moment and pro-actively inform you Security officer at your organization to of a potential security concern that requires discuss the issue from a regulatory your prompt attention and a free security compliance perspective. The review was check that can prevent you from being the developed as an efficient two step process next Hannaford. We have been working in that will not require any cost and minimal conjunction with IBM to raise awareness time. It will ensure your organization is fully about the risks of WebSphere MQ networks aware of the issue, and has conducted the that have not been fully configured to enable proper due diligence to establish that your security and the respective impact on data both meets applicable regulatory regulatory compliance. This is not due to an requirements and is not exposed. issue inherent in WebSphere MQ, rather one that happens as a result of System Most organizations that handle credit card Administrators not applying security payments must demonstrate compliance correctly, or in some cases not at all. with the Payment Card Industry (PCI) Data Security Standard by completing a variety of Put simply, your data could be exposed card-issuer requirements. However, most through mis-configuration issues during auditors are not trained to look over an installation and maintenance of WebSphere important part of the network (Middleware), MQ. IBM and our security team have found resulting in exposures. that a vast majority of WebSphere MQ networks have some exposure attributable The ERG™ Data Security Compliance Readiness Review helps organizations prepare for PCI, SOX, HIPAA, FISMA and GLB compliance by providing expert advice and gap analysis of existing practices compared to the PCI Data Security Standard. PCI is the high water mark in the industry and organizations employing these middleware standards have less risk associated with their networks. This review helps educate organizations about the PCI Data Security Standard and compliance requirements as they map to middleware exposures. ERG is a member of the PCI Security Council and our security consultants and partners are certified according to Visa® USA’s Qualified Data Security Company (QDSC) requirements and are CAP certified. Leveraging their extensive security and middleware experience, ERG consultants identify and analyze issues of concern, and recommend the solutions and processes necessary for the organization to meet 575 Madison Avenue, Suite 1006 New York, NY 212.937.8443
  2. 2. PCI security requirements. At the conclusion of each review, ERG consultants meet with the organization, outline the necessary next steps to prepare for PCI compliance, and identify areas where improvements may be needed for compliance. Depending on the outcome of the organization’s needs, ERG can also provide consultation and products to help develop and execute remediation plans for any non-compliance issues that are discovered. In addition, ERG’s certified consultants can help articulate the objectives, strategies, and needs related to meeting data governance requirements to the company’s executive management. This collaborative effort helps direct the organization’s readiness activity and strategic planning in preparation for PCI, SOX, HIPAA, FISMA or GLB compliance, and can ultimately significantly reduce the cost of meeting compliance requirements. Key Features  Free Order of Magnitude Assessment to determine if there is an exposure due to mis- configuration or non-configuration of WebSphere MQ.  Educates organizations about the data governance standards including PCI, SOX, HIPAA, FISMA and GLB standards and compliance requirements for Middleware.  Provides a process to initiate, certify, authorize and monitor data security for Middleware.  Identifies and analyzes potential deficiencies or lack of controls that could result in failure to comply with Data Security Standards as they apply to the high water mark of the Payment Card Industry standards and practices.  Provides a preparatory gap analysis that identifies potential areas of non-compliance.  Recommends the solutions and processes necessary to meet PCI requirements prior to completing the self-assessment questionnaire or commencing an on-site security audit.  Reviews policy and procedure documentation, system and network device configuration details, and network and application architecture guidelines as it relates to the Middleware network.  Delivered by world-class ERG security consultants, who are certified according to Visa® USA’s Qualified Data Security Company (QDSC) requirements.  Facilitates the organization’s understanding of data security requirements and how existing information security controls measure up to the standard. Key Benefits  Facilitates the organization’s understanding of data security including PCI, SOX, HIPAA, GLB and FISMA as they apply to your organizations security requirements and how existing information security controls measure up to the standard.  Helps compliance and audit managers articulate to executive management the objectives, strategies, and needs related to data security (PCI, SOX, HIPAA, GLB, or FISMA) requirements for budgetary and resource planning purposes.  Clarifies the potential impact of PCI requirements on an organization’s existing IT infrastructure, business operations, and strategic activities.  Remediates WebSphere MQ exposures as they relate to administrative, application and data exposures More information Visit our Web site http://www.evansresourcegroup.com About Evans Resource Group Evans Resource Group is the leader in Middleware information security and systems integration methodologies providing a broad range of software, appliances and services designed to help individuals, small and mid-sized businesses, and large enterprises secure and manage their IT Enterprise Integration Infrastructure. Headquartered in New York, NY, ERG has operations in more than 10 countries. 575 Madison Avenue, Suite 1006 New York, NY 212.937.8443

×