This article can also be found in the Premium Editorial Download "Information Security magazine: Identity crisis solved: Tips from a top identity management expert."

Download it now to read this article plus other related content.

Getting On Board
Honeybaked Ham's Goldoff says that the company had deployed firewalls at each of its 400 retail, corporate-owned and franchise locations, but had not made use of intrusion detection at every site. "An IDS will tell you you're getting hit, but you'll also get a slew of false positives," he notes.

Keeping PCI requirements in mind, Honeybaked Ham went a step further and purchased Top Layer Networks' IPS, which Goldoff says can "block a lot more sophisticated attacks than our firewall by recognizing certain exploit characteristics."

The company also embarked on an eight-month, company-wide personnel and policy training program related to PCI. "Our HR and operations teams had everybody at the table," he says.

Overall, Goldoff says a number of the items required by PCI "would be considered low-hanging fruit" by IT security personnel, while other items "take concerted effort."

For Accor North America, which operates more than 1,200 hotel properties including Sofitel and Motel 6, PCI was a catalyst for a major data encryption project. PCI compliance--along with assuring customers that the company keeps its information secure--is a priority for Accor.

"What we want to do is make sure that any system we use to store or transmit credit card information has the highest level of encryption we can apply," says Harvey Ewing, Accor's senior director of IT security. "The biggest issue with that is key management."

Accor installed

    Requires Free Membership to View

RSA Security's Key Manager software to manage encryption keys across its properties, regardless of operating system or back-end database, and to easily apply encryption to legacy applications and infrastructure.

Ewing agrees that PCI helps win funding from corporate management for security projects. "It's one thing for the security department to let executives know the benefits of encrypting data and how that's going to protect the company," he says. "But when it's reinforced by a standard like PCI, that's a lot of leverage when you're requesting the funds."

This was first published in May 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: