FFIEC News
ArcSight Unveils New PCI Compliance Knowledge Base and Availability of Research Report
(April 08, 2008) -- ArcSight announced the availability of a new PCI (Payment Card Industry) Knowledge Base and the findings of a recently fielded PCI research report. The PCI Knowledge Base and research program were launched by the PCI Security Vendor Alliance. The Knowledge Base program allows merchants, assessors, bankers, card processors, security vendors and PCI consultants to anonymously share information online on how to become PCI compliant. The findings of the current research report highlight the trends and statistics that have emerged as companies have gone through the process of becoming PCI compliant. ArcSight supported the collection of the data and is a platinum member of the PCI Security Vendor Alliance.
The PCI Knowledge Base contains more than 1,200 separate anonymous comments from merchants, assessors, bankers, card processors, security vendors and PCI consultants, as well as advice from a panel of approximately 30 experts. Visitors to the research program's web site can glean findings that include information regarding best practices, lessons learned, experiences, industry trends and more.
"ArcSight supports the research program as part of our efforts to help companies secure their confidential data and continuously comply with PCI," said Reed Henry, senior vice president of marketing and business development of ArcSight. "The PCI Knowledge Base is a valuable resource for anyone who wants to learn about PCI compliance and understand how companies have successfully achieved compliance."
PCI Alliance Research Director David Taylor identified the three most important findings of the program:
-- Many companies have not yet deployed an overarching monitoring and management solution to derive the full benefit of PCI compliance. "The thing that crops up over and over again is that many companies are buying products in order to achieve compliance, but they don't have the time to manually review all the logs and data which these tools generate," said Taylor. "They're overwhelmed by the volume of security data and they don't have the resources to properly review it. These companies are looking for automated solutions to deal with these issues."
-- Most companies pursue a checklist approach to PCI compliance. The requirement to have 100 percent of PCI controls in place tends to promote the view that all controls are essentially equal. What differentiates the leading-edge companies that are members of the PCI Knowledge Base is that they focus on risk and compliance management across all 12 PCI requirements and use identity monitoring solutions and SIEM platforms to monitor who is doing what and when with which sensitive data.
-- Best-in-class companies have achieved operational compliance vs. paper compliance. Best-in-class companies in the Knowledge Base have made complying with PCI, including the automated monitoring of access controls and enforcement, part of their day-to-day operations. The paper checkbox approach has left other companies exposed to threats due to failure to keep up with the demand to manually review logs.