Getting On Board
Honeybaked Ham's Goldoff says that the company had deployed firewalls at each of its 400 retail, corporate-owned and franchise locations, but had not made use of intrusion detection at every site. "An IDS will tell you you're getting hit, but you'll also get a slew of false positives," he notes.

Keeping PCI requirements in mind, Honeybaked Ham went a step further and purchased Top Layer Networks' IPS, which Goldoff says can "block a lot more sophisticated attacks than our firewall by recognizing certain exploit characteristics."

The company also embarked on an eight-month, company-wide personnel and policy training program related to PCI. "Our HR and operations teams had everybody at the table," he says.

Overall, Goldoff says a number of the items required by PCI "would be considered low-hanging fruit" by IT security personnel, while other items "take concerted effort."

For Accor North America, which operates more than 1,200 hotel properties including Sofitel and Motel ...

"What we want to do is make sure that any system we use to store or transmit credit card information has the highest level of encryption we can apply," says Harvey Ewing, Accor's senior director of IT security. "The biggest issue with that is key management."

Accor installed RSA Security's Key Manager software to manage encryption keys across its properties, regardless of operating system or back-end database, and to easily apply encryption to legacy applications and infrastructure.

Ewing agrees that PCI helps win funding from corporate management for security projects. "It's one thing for the security department to let executives know the benefits of encrypting data and how that's going to protect the company," he says. "But when it's reinforced by a standard like PCI, that's a lot of leverage when you're requesting the funds."

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >