Dark Reading
12/17/2010 06:46 PM
New Services From EMC Help Organizations Move Beyond Compliance With Latest Release Of PCI Standards

Announces expanded consulting services

HOPKINTON, Mass., Dec. 15, 2010 /PRNewswire/ -- EMC Corporation (NYSE: EMC) today announced expanded consulting services to help organizations meet new guidelines outlined within the Payment Card Industry Data Security Standard (PCI DSS) 2.0, effective January 1, 2011. The new services help organizations reduce compliance costs with the Standard and offer customers a holistic and forward-looking approach to risk management.

Importance of PCI DSS and New Revisions

-- The PCI DSS is a framework of best-practice requirements for all organizations that collect, process or store payment card account and transaction information, and it is designed to protect payment card data throughout the information lifecycle.

-- Due to hefty fines being levied because of non-compliance, significant percentages of enterprise budgets are devoted to compliance-related data security programs like PCI DSS, according to a recent study conducted by Forrester Consulting on behalf of RSA and Microsoft.*

-- Key revisions to Version Two reinforce the need for organizations to participate in a thorough scoping exercise prior to assessment in order to understand where cardholder data resides. This allows organizations to adopt a risk-based approach when assessing and prioritizing vulnerabilities that is based on their specific business circumstances.

New PCI DSS Readiness and Response Services from EMC Consulting

-- EMC's new PCI DSS Readiness and Response services from EMC Consulting address the PCI DSS 2.0 revisions and help translate business objectives into policies and information risk strategies.

-- Leveraging the security and compliance expertise of RSA, the security division of EMC, these services are delivered through technology, policy and program development. They also include a recommended separation of function between the PCI assessment itself and readiness and remediation planning.

New Services Include:

-- PCI Program Strategy and Implementation - Organizations leveraging this service not only remediate their PCI compliance issues, but also develop a security and compliance program that is aligned with business objectives. New services offered include program development and management, design of strategic frameworks for a PCI program, assessment and development of processes and best practices, and PCI training for security teams, data owners, key stakeholders, and internal audit teams.

-- PCI Readiness Assessments - This service evaluates an organization's current PCI DSS posture and helps develop a remediation strategy roadmap prior to undergoing a formal PCI assessment. Experts from EMC Consulting use a combination of interviews, system reviews, site visits and document reviews to discover gaps and issues with organizations' PCI DSS compliance.

-- Breach Management and Post-Event Readiness Assessment - Even organizations that pass a PCI assessment can be impacted by a breach of cardholder information. Should a breach occur, the actions taken following the breach can determine the level of financial impact on an organization. These new services offer post-breach forensics, evaluation, and guidelines to help ensure the organization's future compliance.

A full list of EMC Consulting's Risk Management and Compliance offerings can be found online.

Analyst Validation:

"Enterprises are still unclear about the importance of separating Readiness and Compliance," said Chris Liebert, Senior Analyst, Security Services, IDC. "The challenge organizations face is not the PCI assessment process itself. The PCI Security Standards Council establishes clear requirements for self-assessment, and the process for annual on-site PCI assessments conducted by Qualified Security Assessors (QSAs) is straightforward and certified by the Council. The correct approach to PCI compliance validation is to approach it as a three-step process: assessment, remediation, and compliance. By approaching PCI compliance with a detailed readiness gap analysis and remediation activities before any onsite assessment takes place, organizations mitigate the risk of failing an assessment and incurring steep costs of non-compliance."

EMC Executive Quote

"EMC Consulting and RSA are leaders in delivering programs that help customers build security strategies that meet regulatory and governance requirements," said Tom Roloff, Senior Vice President of EMC Consulting, EMC Corporation. "We understand that demonstrating and maintaining PCI compliance remains one of the broadest and most complex challenges faced by organizations today. By leveraging the expertise of RSA, EMC Consulting acts as a trusted security advisor, giving organizations the confidence they need to comply with regulations and also establish a foundation of broad data security best practices."

About EMC Consulting

As part of EMC Corporation, the world's leading developer and provider of information infrastructure technology and solutions, EMC Consulting provides strategic guidance and technology expertise to help organizations exploit information to its maximum potential. With worldwide expertise across organizations' business, applications and infrastructure, as well as deep industry understanding, EMC Consulting guides and delivers revolutionary thinking to help clients realize their ambitions in an information economy. EMC Consulting drives execution for its clients, including more than half of the Global Fortune 500 companies, to transform information into actionable strategies and tangible business results. More information about EMC Consulting can be found at www.EMC.com/consulting.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
