Security Management Solutions
Security Management Solutions
Overview | Management | Board & Investors | Careers | Contact Us
Overview | NerveCenter | InfoCenter | ThreatCenter | LogCenter | InfoCenter on IBM BladeCenter
Overview | Compliance Solutions | Security Management Solutions | Network Management Solutions
Overview | Professional Services | Education & Training | Customer Support
Overview | Case Studies
Overview | Premier Partners | Strategic Partners | Technology Partners
Press Releases | Articles & News | Tradeshows & Exhibits
Security Management & OpenService Network Monitoring Software

PCI Compliance


Sponsored by collaboration between MasterCard, Visa, American Express, Diners Club, and the Discover Card, the Payment Card Industry Standard (PCI) is an effort to protect consumer information and fight Internet fraud through required best practices for securing credit card that is stored, processed or transmitted by an online retailer. All merchants who process or store credit card transaction data must comply with PCI regulations.
 
Objectives to Meet PCI Compliance 
 
To achieve compliance, merchants and service providers must adhere to PCI Security Standards, which offer a single approach to safeguarding sensitive data for all card brands. The Payment Card Industry Data Security Standard is a framework of twelve basic requirements supported by more detailed sub-requirements. Log monitoring and reporting is mandated under Requirement 10 in PCI’s 12-step process that instructs companies on how to achieve compliance.
 
Specifically, PCI requires organizations to:
  		•  Regularly monitor and test networks
  		• Track and monitor all access to network resources and cardholder data
     
    OpenService has automated this compliance requirement by creating reports that allow organizations to capture and report on the logs from network, security, infrastructure, and application-layer events. OpenService’s reports provide your organization with a complete picture of network usage and audit trails for user identification, success and failure indication, event origination, and validation of user views of information.

    To achieve those objectives, PCI requires that companies monitor and audit the following types of activities:  
  		• Access Control monitors attempts to access anything on a company’s systems including files, directories, database records, or applications.
  		• Configuration Control monitors the configuration, policies, and software installed on systems covered by a particular compliance regulation and all systems with access to the monitored system.
  		• Malicious Software Detection capabilities collect and report malicious activities caused by viruses or other malicious code.
  		• Policy Enforcement verifies that all users are complying with regulations to reduce the chance of accidental exposure of sensitive information to unauthorized users.
  		• User Monitoring and Management creates a complete audit of the activities of non-employees with access to private data and takes steps to minimize the risk from compromised accounts.
  		• Environment & Transmission Security involves the ongoing monitoring of the environment to ensure that security threats are detected and corrected as quickly as possible through proactive measures such as VA scans.
      OpenService’s security suite InfoCenter can work with your existing security applications and devices to make meeting these requirements easier:
  		• with the LogCenter component of InfoCenter, collect data and store it for forensic analysis, event history, and proof of compliance
  		• with the reporting utility of InfoCenter, generate summary and detailed reports of proof of compliance, including user activity, configuration change, and audit reports
  		• with the correlation ability of InfoCenter, collect data across all security and monitoring applications, detecting malicious intent across your entire environment
  		• with the alert monitoring utility of InfoCenter, notify your security and network administrators of problem areas before they become critical


     | Privacy Policy  | Copyright  | ©2002-2008 OpenService, Inc. All Rights Reserved