Automating vulnerability management for PCI DSS compliance
A practical approach to network security and PCI DSS compliance
This white paper identifies the problems encountered in addressing network security risks through vulnerability management. It describes how automated vulnerability management contributes to compliance with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS) and assists you in proactively identifying security weaknesses before these are exploited.
WWW.GFI.COM Automating vulnerability management for PCI DSS compliance . 2
Introduction
Vulnerability management is a risk management discipline that addresses the dangers facing e-commerce and information systems. It can be defined as the regular auditing of the hardware and software components in an IT infrastructure, the discovery of weaknesses and their resolution. Considered by many IT professionals to be a complex and time-consuming process, vulnerability management is one of the most loathed and neglected tasks among their responsibilities.
Network vulnerability management is, however, no longer optional: industry standards such as PCI DSS consistently underline the importance of managing network vulnerabilities and mandate it as an obligatory part of the compliance process.
This paper addresses the need for effective network vulnerability management. It describes the aches and pains normally associated with this process and sheds light on how automation can assist IT professionals in mastering this discipline, reducing costs and strengthening PCI DSS compliance efforts.
Contents
Introduction (page 2)
What is PCI DSS? (page 2)
What is network vulnerability management? (page 3)
What is the connection between PCI DSS and vulnerability management? (page 4)
The aches and pains of vulnerability management (page 4)
GFI LANguard Network Security Scanner (page 6)
Conclusion (page 7)
About GFI (page 7)
What is PCI DSS?
PCI DSS is a binding collection of rules that promote IT security processes in organizations that handle payment card information. PCI DSS aims to reduce financial fraud by raising the network security capabilities of everyone who processes payment card information. It was designed in response to 3 distinct factors that fuel financial fraud:
1. E-commerce, which helps overcome geographical boundaries and, often, any protection offered by local laws and regulations.
2. The high availability of "plastic money" for consumer purchases in all industrialized nations.
3. An indifference to security best practices by all businesses that store and/or process unprotected payment card details.
To counter credit and debit card fraud, the 5 major card companies (Visa International, MasterCard Worldwide, American Express, JCB and Discover Financial Services) designed a strong security framework to reinforce payment card transaction security. The result of their efforts was the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance is the irrefutable responsibility of all businesses handling cardholder data, including retail, mail order, telephone order and e-commerce businesses, irrespective of business size.
What is network vulnerability management?
Security weaknesses lead to a continuous stream of security updates being issued periodically by software developers. Due to the frequency and the amount of ...