Achieving PCI-DSS Compliance and Proving it: a Pivot Point Security Webcast

John Verry (CISA) of Pivot Point Security discussed "Easing the Burden of PCI-DSS Compliance" by leveraging Security Information Event Management (SIEM).

The 30-minute presentation, conducted in cooperation with Novell, focused on the basics of PCI-DSS compliance, the ramifications of non-compliance, major goals, and how to use automation to lower the overall cost and impact to large, complex enterprises. He emphasized the importance of provability. "Not only do you have to achieve PCI compliance, you have to prove you're compliant in the event of a security breach," Verry stated. He continued by explaining that if you fail to prove compliance with the standard in the event of a breach, the penalties can be severe: "In addition to the obvious damage to reputation, bad publicity, lawsuits and fines, your ability to process credit card transactions can be revoked."

The presentation noted the major challenges of complying with the PCI-DSS, such as the large physical scope, the high prevalence of unstructured data (that is, data outside of a formal database and found in files such as spreadsheets and word processing documents), and the burdensome costs of monitoring and proving compliance.

Verry went on to explain that a Security Information and Event Management (SIEM) solution, such as Novell Sentinel, can considerably reduce the burden on IT staff of monitoring logs and proving compliance with PCI. "In the simplest terms, SIEM solutions automate the compliance process relating to logs. They normalize and store event data, correlate it, help produce reports, issue alerts, and assist in forensic analysis," Verry said.

He also elaborated on Novell's unique ability to integrate its Identity Management (IDM) solution with Sentinel to further simplify compliance and provide the ability to detect and react to anomalous data access in real time.

Verry concluded the program by noting that leveraging technology to automate PCI-DSS compliance will also directly address other regulations including Sarbanes-Oxley and HIPAA. He then fielded numerous questions from the attendees at the conclusion of the webcast.

To view a recorded version of the webcast, please visit:

About Pivot Point Security:
Pivot Point Security is a boutique information security consulting firm architected to provide maximum levels of independent and objective assurance to its varied client base. Our specialization in Information Security Auditing, Penetration Testing, and Security Information and Event Management provides unsurpassed levels of value to an organization's technology and business strategies. It is our credo of 'reasonable and appropriate' Information Security that makes Pivot Point the leader in this highly specialized IT discipline in the NY/NJ/PA metropolitan area. In our 7-year history, we have brought this value to hundreds of clients.

Robert Nolan, Director of Sales & Marketing
Pivot Point Security
888-748-6876 ext. 321

