While preparing to meet requirements of the Payment Card Industry Data Security Standard for protecting consumers’ credit card information, retailers are getting more effective coverage by also considering other national and international standards, says Brian Contos, chief security officer of ArcSight Inc., a provider of enterprise-wide data security and compliance management applications.
“There’s been a great deal of maturity and awareness within the retail industry, which seems to be more comfortable now about monitoring data,” Contos says.
The Payment Card Industry Data Security Standard contains 12 security measures that determine how merchants should guard stored customer data from being stolen or otherwise compromised. In addition to addressing those measures, retailers are reaching more effective levels of data security by also adhering to standards put out by the National Institute for Standards and Technology, which cover such methods as configuring authorized network access and establishing network firewalls, Contos says.
In addition, retailers are adhering more to standards by the International Standards Organization, which sets industry-wide best practices for business processes, Contos says.
“Most large companies are aware of these standards,” he says.
To help smaller retailers and other companies begin to take similar steps in data monitoring across multiple sets of standards, ArcSight recently launched ArcSight Logger, an application that sits on a retailer’s network and logs aggregated information on how stored data is accessed and maintained. With web browser access, users of ArcSight Logger can check for any unusual patterns in how stored customer data is accessed.
The ArcSight Logger can be used separately or along with the enterprise-level ArcSight ESM Compliance Insight Package for Payment Card Industry, which is designed to assist in the preparation of payment card industry data security audits.