About
Subscribe
  • Home
  • /
  • Security
  • /
  • AppSecInc first to offer comprehensive best-practice database security policies for PCI standard

AppSecInc first to offer comprehensive best-practice database security policies for PCI standard

Johannesburg, 13 Jul 2005

SecureData, a member of the JSE-listed ERP.com Group and the southern African distributor for Application Security, today announced immediate availability of the latter's most comprehensive set of database-specific best-practice policies to help organisations meet the requirements of the Payment Card Industry (PCI) data security standard.

Underscoring a proactive security stance on behalf of their customers and partners, credit card brands united disparate security guidelines under the PCI data security standard to strengthen the protection of payment information with a common set of guidelines. The new standard requires organisations to be in compliance no later than 30 June 2005.

In the aftermath of the largest reported breach of computerised personal data - 40 million credit cards exposed at a processing centre - initiatives such as PCI are imperative to protect personal information better. Doing so involves the use of technology as well as the definition and implementation of business process for the collection, maintenance and security of sensitive personal data.

Organisations can bolster PCI compliance initiatives with AppSecInc's customisable best-practice policies, thus making their efforts more granular, demonstrable and repeatable. The breadth and depth of AppSecInc's portfolio enables the company to address compliance within all of the guidelines set by PCI that relate to the defence of data at rest.

A Visa Alliance Partner, AppSecInc received a minority investment from the company in October 2004 as part of Visa's initiatives to provide financial institutions and merchants with access to the latest advancements in information security technology. With more than 350 customers worldwide, AppSecInc is the leading provider of database security solutions; widely acknowledged as providing the most comprehensive solutions for corporate and government applications.

"From social security numbers to private health information, the data stored in databases and travelling across networks must remain protected. Ensuring trust in the appropriate use and protection of cardholder and payment information is a critical part of this security," commented Bill Tomlinson, National Security Practice Director for DynTek, Inc. "We offer professional technology services to the payment card industry, and solutions like Application Security's PCI policies are a valuable tool, which helps us to ensure our customers' most critical data is secure."

The PCI effort highlights the critical need for application-specific security controls and best practices. With databases representing the infrastructure component in which data is at the height of its value, yet where it is often most vulnerable, the market for database security tools is expected to more than double during the next two years.

"As recent news reports have shown, application and database security are no longer a 'nice to have', they are a must-have for an effective defence-in-depth security architecture. Organisations need to address critical system protection with an end-to-end lifecycle process that identifies assets, fixes vulnerabilities, detects attacks and provides robust information for reporting - all of which Application Security already provides its customers," added Jon Oltsik, Senior Analyst at Enterprise Strategy Group.

"With the PCI compliance deadline looming, Application Security is again ahead of the game by providing its customers with the only compliance specific checks of its kind."

AppSecInc PCI policies: Best practices approach to compliance

AppSecInc's PCI best-practice policy templates are available for the company's complete vulnerability management portfolio including its application-level vulnerability assessment scanner, AppDetective, and its real-time database intrusion detection and security auditing solution, AppRadar. By using these policies, organisations can easily tune their application security to the protections that are most relevant to PCI compliance.

PCI defines a set of common information security requirements comprising 12 top-level security guidelines. Seven requirements pertain to protecting stored payment data, all of which are addressed by AppSecInc's products:

1. Do not use vendor-supplied defaults for system passwords and other security parameters. 2. Protect stored data. 3. Develop and maintain secure systems and applications. 4. Restrict access to data by business need-to-know. 5. Assign a unique ID to each person with computer access. 6. Track and monitor all access to network resources and cardholder data. 7. Regularly test security systems and processes.

AppDetective's discovery, penetration testing and auditing/reporting functions enable organisations to discover and inventory all database instances; assess their configuration strength and level of vulnerability; and provide detailed reports to track audits and maintain compliance with the latest patches.

AppRadar's intrusion detection and security auditing capabilities enable organisations to track and monitor all access to cardholder data by unique ID; centralise management of auditing, tracking and logging all transactions; and provide real-time notification of anomalous system events or known attacks.

As the only encryption solution on the market to allow column-level data encryption on production databases, DbEncrypt allows organisations an unmatched ability to protect stored cardholder data with robust key management, strong encryption algorithms and an easy-to-deploy, point and click interface.

"Adherence to PCI requirements would go a long way toward ensuring personal data is thoroughly protected," continued Ted Julian, Vice-President of Strategy for AppSecInc. "But compliance can be challenging in terms of time and resources. By leveraging best-practice policies to help with this effort, customers can more easily achieve and maintain compliance with a minimum of effort and resources, allowing them to focus on driving customer value."

Share

Application Security

Application Security Inc is the leading provider of database security solutions for the enterprise. Application Security's products proactively secure enterprise applications at more than 200 organisations around the world by discovering, assessing and protecting the database against rapidly changing security threats. By securing data at its source, we enable organisations to more confidently extend their business with customers, partners and suppliers. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimise risk and eliminate its impact on business.

SecureData

SecureData, an ERP.com company, is Africa's premier IT security solution provider. SecureData's solutions incorporate anti-virus and content security, network security, intrusion prevention software and network asset management. SecureData's comprehensive "Managed Security Services" include design, audit, implementation, vulnerability assessment, outsourcing and hosting. SecureData distributes, sells and supports category leading IT security products to the public, corporate and SME sectors throughout Africa as well as products and services to the SOHO and consumer markets through partnerships with ISPs.

As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the African distributor for US-based TippingPoint Technologies and the southern African distributor for US-based Application Security, eEye, Rocket Software, RSA Security, St Bernard and Websense; and UK-based Centennial. For more information, visit SecureData at www.securedata.co.za.

ERP.com

ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.

Editorial contacts

Paul Booth
Global Research Partners
(082) 568 1179
pabooth@mweb.co.za