New Services From EMC Help Organizations Move Beyond Compliance With Latest Release Of PCI Standards
Announces expanded consulting services
HOPKINTON, Mass., Dec. 15, 2010 /PRNewswire/ -- EMC Corporation (NYSE: EMC)
today announced expanded consulting services to help organizations meet new
guidelines outlined within the Payment Card Industry Data Security Standard (PCI
DSS) 2.0, effective January 1, 2011. The new services help organizations reduce
compliance costs with the Standard and offer customers a holistic and
forward-looking approach to risk management.
Importance of PCI DSS and New Revisions
-- The PCI DSS is a framework of best practice requirements for all
organizations that collect, process or store payment card account and
transaction information and is designed to protect payment card data
throughout the information lifecycle.
-- Due to hefty fines being levied because of non-compliance, significant
percentages of enterprise budgets are devoted to compliance-related data
security programs like PCI DSS, according to a recent study conducted by
Forrester Consulting on behalf of RSA and Microsoft.*
-- Key revisions to Version Two reinforce the need for organizations to
participate in a thorough scoping exercise prior to assessment in order
to understand where cardholder data resides. This allows organizations
to adopt a risk-based approach when assessing and prioritizing
vulnerabilities that is based on their specific business circumstances.
New PCI DSS Readiness and Response Services from EMC Consulting
-- EMC's new PCI DSS Readiness and Response services from EMC Consulting
address the PCI DSS 2.0 revisions and help translate business objectives
into policies and information risk strategies.
-- Leveraging the security and compliance expertise of RSA, the security
division of EMC, these services are delivered through technology, policy
and program development. They also include a recommended separation of
function between the PCI assessment itself and readiness and remediation
planning.
New Services Include:
-- PCI Program Strategy and Implementation - Organizations leveraging this
service not only remediate their PCI compliance issues, but develop a
security and compliance program that is aligned with business
objectives. New services offered include program development and
management, design of strategic frameworks for PCI programs, assessment
and development of processes and best practices, and PCI training for
security teams, data owners, key stakeholders, and internal audit teams.
-- PCI Readiness Assessments - This service evaluates an organization's
current PCI DSS posture and helps develop a remediation strategy roadmap
prior to undergoing a formal PCI assessment. Experts from EMC Consulting
use a combination of interviews, system reviews, site visits and
document reviews to discover gaps and issues with organizations' PCI DSS
compliance.
-- Breach Management and Post-Event Readiness Assessment - Even
organizations that pass a PCI Assessment can be impacted by a breach of
cardholder information. Should a breach occur, the actions taken
following the breach can determine the level of financial impact on an
organization. These new services offer post-breach forensics,
evaluation, and guidelines to help ensure future compliance of the
organization.
A full list of EMC Consulting's Risk Management and Compliance offerings can be
found online.
Analyst Validation:
"Enterprises are still unclear about the importance of separating Readiness and
Compliance," said Chris Liebert, Senior Analyst, Security Services, IDC. "The
challenge organizations face is not the PCI assessment process itself. The PCI
Security Standards Council establishes clear requirements for self-assessment
and the process for annual on-site PCI assessments conducted by Qualified
Security Assessors (QSA) is straightforward and certified by the Council. The
correct approach to PCI compliance validation is to approach it as a three step
process: assessment, remediation, and compliance. By approaching PCI compliance
with a detailed readiness gap analysis, and remediation activities before any
onsite assessment takes place, organizations mitigate the risk of failing an
assessment and incurring steep costs of non-compliance."
EMC Executive Quote
"EMC Consulting and RSA are leaders in delivering programs that help customers
build security strategies that meet regulatory and governance requirements,"
said Tom Roloff, Senior Vice President of EMC Consulting, EMC Corporation. "We
understand that demonstrating and maintaining PCI compliance remains one of the
broadest and most complex challenges faced by organizations today. By leveraging
the expertise of RSA, EMC Consulting acts as a trusted security advisor, giving
organizations the confidence they need to comply with regulations and also
establish a foundation of broad data security best practices."
About EMC Consulting
As part of EMC Corporation, the world's leading developer and provider of
information infrastructure technology and solutions, EMC Consulting provides
strategic guidance and technology expertise to help organizations exploit
information to its maximum potential. With worldwide expertise across
organizations' business, applications and infrastructure, as well as deep
industry understanding, EMC Consulting guides and delivers revolutionary
thinking to help clients realize their ambitions in an information economy. EMC
Consulting drives execution for its clients, including more than half of the
Global Fortune 500 companies, to transform information into actionable
strategies and tangible business results. More information about EMC Consulting
can be found at www.EMC.com/consulting
About RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and
compliance management solutions for business acceleration. RSA helps the world's
leading organizations succeed by solving their most complex and sensitive
security challenges. These challenges include managing organizational risk,
safeguarding mobile access and collaboration, proving compliance, and securing
virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key
management, SIEM, Data Loss Prevention and Fraud Protection with industry
leading eGRC capabilities and robust consulting services, RSA brings visibility
and trust to millions of user identities, the transactions that they perform and
the data that is generated. For more information, please visit www.RSA.com and
www.EMC.com.