White Papers

Protect Cardholder Data— and Your Business—with a Strategic Approach to PCI Compliance

Source:

Verizon

Posted:

Nov 12, 2010

Acquiring or issuing banks, merchants, service providers, payment processors, ISOs, integrators, and payment application vendors are required to meet
the Payment Card Industry Data Security Standard (PCI DSS). The Payment Card Industry Security Standards Council, which is comprised of the major
payment card brands, developed PCI DSS as a set of comprehensive requirements to enhance credit-card data security worldwide. PCI DSS is required of all
organizations that accept, store, or process credit cards from Visa, MasterCard, American Express, Japan Credit Bank, and Discover Financial.

Protect Cardholder Data— and Your Business—with a Strategic Approach to PCI Compliance

Source:

Verizon

Posted:

Nov 12, 2010

Acquiring or issuing banks, merchants, service providers, payment processors, ISOs, integrators, and payment application vendors are required to meet
the Payment Card Industry Data Security Standard (PCI DSS). The Payment Card Industry Security Standards Council, which is comprised of the major
payment card brands, developed PCI DSS as a set of comprehensive requirements to enhance credit-card data security worldwide. PCI DSS is required of all
organizations that accept, store, or process credit cards from Visa, MasterCard, American Express, Japan Credit Bank, and Discover Financial.

Information Security: Managing Multiple Security Compliance Requirements

Source:

Verizon

Posted:

Nov 12, 2010

Recent years have seen an explosion in the number of security compliance mandates. At any one time, you could be required to meet various industry standards or comply with state and federal regulations, cutting across business processes, assets, and geographic and jurisdictional boundaries.

Information Security: Managing Multiple Security Compliance Requirements

Source:

Verizon

Posted:

Nov 04, 2010

Recent years have seen an explosion in the number of security compliance mandates. At any one time, you could be required to meet various industry standards or comply with state and federal regulations, cutting across business processes, assets, and geographic and jurisdictional boundaries.
The standards-ISO 27002, the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DDS), and the Gramm-Leach-Bliley Act (GLBA) to name but a few-have been driven by a variety of needs such as governing jurisdictions, industry requirements, partner obligations, or the need to enforce controls that instill customer confidence.

Protect Your Network and the Little Free Time You Have Left

Source:

Verizon

Posted:

Nov 04, 2010

Hackers. Rootkits. Phishing. Botnets. Disgruntled former employees. The list of threats to your network is long-just like your workday. That's why we want to make short work of keeping tabs on your network's security.
Our Vulnerability Management Service gives you on-demand access to our web-based Verizon Business Vulnerability Management Console. This dashboard, managed by our security engineers, gives you a way to easily get an assessment of potential vulnerabilities on your internal and external networks.

Verizon Enterprise Risk and Incident Sharing Metrics Framework

Source:

Verizon

Posted:

Nov 04, 2010

As you may know, Verizon Business publishes the Data Breach Investigations Report (DBIR), which presents aggregated case statistics collected by our Investigative Response (IR) team. What you may not know is that the reports are based upon a set of metrics developed internally for the purpose of capturing key details surrounding a breach. A version of these metrics are now publicly available as the Verizon Enterprise Risk and Incident Sharing (VERIS) framework. This document provides a brief overview of VERIS and how your organization can make use of it to better organize, track, and responsibly share incident data.

Is Your Log Management System Effective and Relevant?

Source:

Verizon

Posted:

Oct 22, 2010

You probably have the technical capabilities for log management through an in-house solution, an outsourced solution, or some combination. However, evidence suggests that your current log management may be less than effective. Take, for example, findings from the 2009 Verizon Business Data Breach Investigations Report.

Securing Your Infrastructure

Source:

Verizon

Posted:

Oct 22, 2010

Achieving security within the extended enterprise requires more of your organization: more resources (time, investment, and personnel) and more effort (self-awareness, planning, and validation). It is no longer sufficient to just invest in all the technology and systems your business needs to stay secure. You have to effectively leverage your technology investments to make sure they are aligned with your business challenges. This requires processes and procedures based on best practices to be implemented in the context of your organization. It also needs security experts who understand the environment in which your business operates and have a mastery of the applicable security technologies. Finally, it requires intelligence to keep your security controls synchronized with the ever-changing threat landscape.

Securing the Extended Enterprise

Source:

Verizon

Posted:

Oct 22, 2010

For decades, technologists in the security industry believed that the best strategy to protect an organization was to build a strong wall around it. This so-called "perimeter model" assumed that the virtual boundaries of an organization were very similar to the physical boundaries. In the early days of the Internet, this assumption was essentially accurate. Connectivity between an organization and the outside world was limited and easily identified. "Keeping the bad guys out" was the motto, prompting the development of a broad range of network-focused security products.

Security and IT Services for Mergers and Acquisitions

Source:

Verizon

Posted:

Oct 15, 2010

On paper, mergers or acquisitions can sound so simple. Company A buys Company B, they combine infrastructure and networks, consolidate a few facilities, and the merged company becomes more profitable and stronger than before. But, there is a lot to consider when undertaking mergers and acquisitions (M&A) - especially when it comes to developing a successful integration strategy.

Whether driven by the desire to access new technology or capitalize on an opportunity to grow, mergers and acquisitions (M&A) are always challenging, and not always successful. Involvement of a trusted advisor to develop and implement an effective security and IT integration plan is essential to success in an ever-changing global environment.

Security Solutions for the Extended Enterprise

Source:

Verizon

Posted:

Oct 15, 2010

Today's security solutions can't simply use the old perimeter defenses to keep the bad people out. In fact, they need to be just as adept at letting the right people in. Mobile workers need the same access to information as those who work at a desk. Offices across the globe need access to the same applications and files. Your partners and suppliers need more visibility into your data, and vice versa.

Securely Extending the Enterprise With Private MPLS Networks

Source:

Verizon

Posted:

Oct 15, 2010

Globalization has had a profound, lasting effect on the world economy. With the rise of globalization many companies have, therefore, recognized the need to change how they organize themselves-that is, supporting an increasing amount of home and flexible workers-as well as how they organize and manage their relations with those on whom their business is dependent. That is to say people such as customers, suppliers and partners. They, in short, have had to extend their enterprise to reach out to as many places as possible, providing access to business-critical information to all those who need it, wherever they may be.

Your Network’s Integrity Shouldn’t Keep You Up at Night

Source:

Verizon

Posted:

Oct 08, 2010

You've got a lot on your plate. Connecting customers, suppliers, and partners around the globe. Enabling employees in remote locations and those on the go. Managing data that has to be available anywhere, anytime. And securing the infrastructure that supports it all. The last thing you need is to worry about information security risks originating outside your span of control. But do you really know how secure your perimeter is, and what risks from Internet-driven traffic threaten it? Learn more with the Internet Security Assessment, which offers a series of non-intrusive measures to help you maintain network security by identifying a broad range of potential risks, analyzing the risk level, and recommending a plan to mitigate those risks.

Living on the Edge: Understanding the Network Attached Peripherals on Your Network and the Risks They Pose

Source:

Verizon

Posted:

Oct 08, 2010

In today's enterprise, more and more devices are becoming network enabled. Seemingly harmless devices such as printers, security cameras, and UPS systems now frequently come with an Ethernet interface for network connectivity. Most of these devices are designed to work "out of the box" with minimal configuration necessary in order to ensure ease of use. Unfortunately, with this ease of use oftentimes comes increased risk to your network. In an effort to address this emerging threat, ICSA Labs has developed a new program titled Network Attached Peripheral Security (NAPS).

Start Packing. You’re Moving to the Cloud—and We Can Help.

Source:

Verizon

Posted:

Aug 16, 2010

You understand the benefits of a cloud-based environment, but you're not sure how to get there. You're ready to leverage your underutilized computing capacity and enable more effective management of your IT resources-but are concerned about the expertise and resources required to manage the transition. Moving into the cloud requires a well constructed plan-a roadmap, and an investment of time, attention, and resources. With the right help, that transitional roadmap and initial investment can pay off again and again.