The RSA Security PCI Solution
By Abby Guha, PRODUCT MARKETING MANAGER - RSA SECURITY
and Chris Parkerson, SENIOR PRODUCT MARKETING MANAGER - RSA SECURITY

According to a 2004 FBI survey, 59% of respondents reported insider abuse of information systems, 39% reported unauthorized access to sensitive data and 10% reported an actual data theft. The increase in security incidents that threaten private data has led to the development of both government regulations and industry guidelines to help ensure that the most sensitive information is properly protected. To further combat the rise in identity theft, the major payment card networks, including Visa, Mastercard, American Express and Discover, developed their own guidelines for merchants and payment processors to protect the most common target of identity thieves - consumer credit information. These guidelines, known as the Payment Card Industry (PCI) security standard, are intended to serve as "best practice" requirements that all processors of payment cards should follow to ensure that consumer information is properly protected.

The RSA Security PCI solution combines several products and technologies to address the most common critical security issues faced by companies implementing the standard. RSA Security has products available today that can address all of the data protection, separation of duties and strong authentication requirements prescribed.

PCI STANDARD BEST PRACTICES
RSA SECURITY SOLUTIONS

Do not use vendor-supplied defaults for system passwords and other security parameters

RSA SecurID® two-factor authentication allows organizations to determine who is accessing sensitive corporate resources by establishing a trusted identity. Two-factor authentication, based on something you know (a PIN) and something you have (an authenticator), provides a much more reliable level of user authentication than reusable passwords.

Protect stored data

Data protection products, including the new RSA BSAFE® Data Security Manager and Key Manager products, provide the capabilities needed to protect payment card data wherever it is stored.

Encrypt transmission of card holder and other sensitive information across public networks

RSA BSAFE encryption products also provide technologies for encrypting network transmissions to meet this requirement.

Restrict access to data by business need-to-know

RSA ClearTrust web single sign-on technology centralizes web access management for internally and externally-facing web applications. It provides for controlled access to web resources, based on specific business rules and end-user roles within the organization. Only authorized users are allowed to access critical resources, on a "need to know" basis, with rejection of unauthorized access attempts.

Track and monitor all access to network resources and card holder data

All RSA Security products provide extensive logging and auditing capabilities so that access to sensitive data sources and applications can be monitored.

Assign a unique ID

RSA SecurID two-factor authentication helps organizations to protect critical resources by replacing passwords with a stronger mechanism for establishing an end-user's true identity. RSA SecurID two-factor authentication provides a much more reliable level of user authentication than reusable passwords, with support for a variety of hardware and software authentication options (such as authenticators, smart cards, USB devices and digital certificates). In addition, RSA ClearTrust web access management, along with provisioning partners, not only enables organizations to provide authorized web access, based on segregation of duties, but also provides a centralized system for managing user identities throughout the identity life cycle.

Maintain a policy that addresses information security for employees and contractors

Professional Services from Akibia and RSA can help develop a comprehensive information security policy that will help meet regulatory and other requirements.

Develop / maintain secure systems and applications; restrict physical access to card holder data; regularly test security systems

Professional Services from Akibia and RSA can help develop policies and procedures that enforce the controls necessary to combat data theft at all levels.

Use / regularly update anti-virus software; install and maintain a firewall configuration

RSA Secured® partners provide anti-virus, firewall and other network and user client-defense tools to meet these requirements.