Posts tagged "risk management"

Managing Online Payment Security, Compliance with Cloud-Based Tool

PCI (Payment Card Industry) compliance standards are meant to protect cardholder data and secure the systems that process payment card transactions. ClearPoint Metrics' new PCI compliance management solution is intended to help organizations manage PCI compliance risk more effectively and reduce the cost of auditing and reporting.

The new metrics-based PCI assessment application will be delivered as Software-as-a-Service (SaaS) on the Amazon cloud.

Automating the PCI Compliance Process

The new solution was announced at the RSA Conference a few weeks ago. It features controls designed to automate assessment, attestation and reporting for all 12 PCI requirements, and it operates independently of any particular security product.

These 12 requirements, as laid out in the PCI Data Security Standard (DSS), which was developed to help organizations proactively protect customer account data, are as follows:

  • Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

  • Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

  • Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update antivirus software
Requirement 6: Develop and maintain secure systems and applications

  • Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

  • Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

  • Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security.

Gathering Data, Managing Assets

Components of the ClearPoint PCI Compliance Management solution include:

  • Requirement Manager and Control Mapping, which allow organizations to document their controls and map them to the PCI requirements they satisfy.
  • Evidence Manager, which gathers and monitors the evidence needed for attestations and reporting: policy documents of all kinds, links to log files and shared documents, surveys and textual commentary, as well as fact-based metrics.
  • Data Gathering: hard facts and data are collected through direct access to qualified vulnerability scanners and the full complement of security applications, including firewalls, intrusion detection, antivirus, log management, event managers, encryption managers and data security products.
  • Asset Manager and Profiling: takes feeds from internal asset systems and lets organizations classify, sort and group assets by compliance scope and risk profile.

The solution also provides a library of scorecards, companion metrics, data connectors and control-monitoring alerts. Together these allow organizations to monitor their controls continuously and keep team members informed of alerts about performance, goals and deployment.

The PCI compliance management solution is free of charge for the first 30 days. After that, ClearPoint's PCI Service will be available as a monthly or annually renewable subscription. It is licensed per user, with an introductory 12-user subscription sold at US$500 per month.

GRC Roll-up: The Impact of Social Media and Governance

Companies have been contemplating compliance and governance issues for decades, but only recently have they begun tackling the challenge that social media brings to corporate governance, risk and compliance. This week we examine a few of the elements affecting the industry.

Social Media Governance

According to Irwin Lazar, vice president of communications and collaboration research at Nemertes Research, enforcing social media governance isn’t just a project for human resources. Lazar says that the responsibility also belongs to message compliance specialists, who need to monitor employees to make sure they aren’t intentionally or inadvertently breaking policy with their posts and tweets.

Even inadvertent policy breaches are a real problem. According to the fifth annual Usage Trends, End User Attitudes and IT Impact survey by FaceTime Communications, about 14% of IT managers surveyed in December 2009 reported having data leaked through social networks. Another 18% said they had taken disciplinary action over incidents arising from employee use of social media.

Add to this research recently published by Cisco Systems, which found a significant lack of policies and procedures for enterprise social media use, even though 95% of users said they use social media at work for business or personal reasons. Bottom line? Social media governance is in trouble.

Is Social Media the Answer?

Which may be why Keith Kochberg says that social media “can be more trouble and expense than it's worth, and it can even do more harm than good.” Given the survey results above, such statements may not be much of an overreaction.

Social media, Kochberg says, takes time and a great deal of oversight to achieve the return on investment that many companies are looking for. Yet, done correctly, it can offer plenty of interaction and engagement, which can translate into higher customer retention.

Social Media Solutions for the Enterprise

If your company is undeterred by the challenges that social media presents to the enterprise, you might want to check out a new social networking site designed specifically for financial advisers to communicate with their investors. It lets financial advisers maximize their communication and engagement with investors while also helping them meet FINRA compliance requirements.

While there is no magic solution for managing social media compliance, every company is strongly encouraged to create policies that make governance more manageable. What social media governance strategies is your company putting in place?