PCI at an E-commerce Site

This case study is based on a major e-commerce implementation of a commercial scanning service, penetration testing by a security consultancy, and host IPS and file integrity monitoring on critical servers. Upon encountering PCI compliance requirements, Buy.Web, Inc. assessed their current security efforts, which included the use of host IPS on their demilitarized zone (DMZ) servers as well as periodic vulnerability scanning. They realized that they additionally needed to satisfy the penetration testing requirements as well as the file integrity checking requirements to be truly compliant. Their IT staff performed extensive research of file integrity monitoring vendors and chose the one with the most advanced centralized management system (to ease the management of all the integrity checking results). They also contracted a small IT security consultancy to perform the penetration testing for them.

The team also utilized their previously acquired log management solution to aggregate the host IPS and file integrity monitoring output, creating a single data presentation and reporting interface for their PCI auditors. Overall, this project was a successful illustration of a mature security program that only needed to “fill the gaps” to be PCI compliant.
