Minimizing Business Risk with PCI DSS, ISO 27001, HIPAA, Basel II and other compliance standards.
Let’s face it: reaching compliance with whatever industry legislation affects you is a time-consuming and daunting task. Whether it involves IT security, physical security or security procedures, the steps are often difficult to identify, hard to implement and challenging to monitor effectively.
At the end of the day, though, these standards will save you money. Their primary objective is to maintain the privacy of customer data and to ensure that information is disclosed only to those who need access to it. Whether it is keeping track of which visitors are allowed into which facility, all the way through to ensuring that backup tapes are encrypted and stored in a secure off-site location, the end result is good business practice and a way to minimize business risk and losses.
Here are some examples of what can happen when proper business practices are weak or ignored completely:
- In 2008 the PCI standards committee released the harrowing statistic that, owing to lax security by merchants and card processors, over 234 million credit card numbers had been compromised in just 3 years!
- In 2007, Heartland Payment Systems, which processes credit card transactions for many banks, suffered a major security breach that was not discovered for nearly 18 months. During this time, over 130 million credit card numbers were stolen, causing huge disruption not only for the customers whose information was stolen, but also monetary losses for the banks affected – from fraudulent transactions to the cost of replacement cards and the loss of customers to other institutions.
For a complete guide to how businesses need to deal with PCI compliance and other standards issues, please click here:
The bright spot on the horizon is that many automated tools are available for free download that can assist not only in identifying compliance gaps but also in implementing compliance standards and keeping up with ongoing monitoring. Some of the best tools for the HP NonStop and Unix markets can be found here:
Real-Time PCI Compliance Monitoring
So now that you have reached PCI compliance – well done! However, how do you ensure that your organization does not drift out of compliance over time? In reality, it is crucial to monitor compliance in as close to real time as possible. The longer the gap between monitoring cycles, the more likely it is that compliance violations slip through undetected. In the NonStop world of financial industry compliance there are two methods for keeping a close watch on real-time compliance. These are:
- Real-time alerts – an immediate reaction to something or someone that may have created a breach or a non-compliant event.
- Frequent reporting of critical items – identifying which items in the enterprise are critical to the PCI compliance framework and having those items monitored regularly and automatically, to confirm that “compliance drift” has not taken place.
Several automated tools are available for the NonStop market that address the needs of the QSA, or of anyone struggling to maintain PCI compliance. Immediate real-time tools include Alert-Plus and, for more direct monitoring of specific PCI items, including the requirement for file integrity checking.
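As an added illustration of the file-integrity side of this kind of monitoring (example code written for this page, not part of Alert-Plus or any NonStop product), the script below records a baseline of content digest and permission bits for a list of critical files, then reports every item that has drifted from that baseline. The file paths and contents in `demo()` are constructed for the demonstration; a real deployment would list the payment-processing binaries, configuration files and access-control lists that the compliance scope treats as critical.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, streamed so large files are not read whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str, critical: list) -> dict:
    """Record the digest and permission bits of each critical file under root."""
    return {rel: {"sha256": file_digest(Path(root, rel)),
                  "mode": stat.S_IMODE(Path(root, rel).stat().st_mode)}
            for rel in critical}

def check_drift(root: str, baseline: dict) -> list:
    """Compare the current state with the baseline; each dict returned is one alert."""
    alerts = []
    for rel, expected in baseline.items():
        p = Path(root, rel)
        if not p.exists():
            alerts.append({"path": rel, "event": "missing"})
            continue
        if stat.S_IMODE(p.stat().st_mode) != expected["mode"]:
            alerts.append({"path": rel, "event": "mode_changed"})
        if file_digest(p) != expected["sha256"]:
            alerts.append({"path": rel, "event": "content_changed"})
    return alerts

def demo() -> list:
    """Constructed scenario: baseline two critical files, then simulate drift."""
    root = tempfile.mkdtemp()
    conf, binary = Path(root, "etc/app.conf"), Path(root, "bin/pay")
    for p, data in ((conf, b"db=prod\n"), (binary, b"\x7fELF")):
        p.parent.mkdir(parents=True)
        p.write_bytes(data)
        os.chmod(p, 0o640)  # restrictive permissions form the known-good state
    baseline = build_baseline(root, ["etc/app.conf", "bin/pay"])
    conf.write_bytes(b"db=prod\ndebug=1\n")  # unauthorised configuration edit
    os.chmod(conf, 0o666)  # now world-writable: permission drift
    binary.unlink()  # critical binary removed
    return check_drift(root, baseline)
```

Run on a schedule, the alert list from `check_drift` is exactly the “frequent reporting of critical items” the text describes; feeding each entry to an alerting channel turns it into the real-time variant.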