Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Free software identification tool for payment card industry

PCI Security Vendor Alliance : 12 September, 2007  (New Product)
PCI Security Vendor Alliance releases free software identification to assist the payment card industry in specifying and selecting the most appropriate software
To help smooth the path to PCI Data
Security Standard (PCI DSS) compliance, the Payment Card Industry
Security Vendor Alliance (PCI SVA) has released a free tool that enables
merchants and other PCI DSS regulated businesses to identify software
and service providers for any specific DSS requirement. The tool
includes inexpensive, optional software packages that helps regulated
businesses quickly and easily conduct a detailed, formal risk
analysis as required by PCI DSS section 12.

Most small and many large merchants are still working to comply fully
with PCI DSS. For some merchants, who lack a compliance and/or
security officer, it can be a struggle to understand how the PCI DSS
requirements match up to the security market sectors, and how to
properly complete the PCI DSS self-assessment questionnaire,
according to a recent SearchSecurity article. This new tool from the
PCI SVA is designed to help with both these issues.

The PCI SVA custom-built Risk Assessment software enables merchants
and other PCI DSS regulated businesses to easily conduct a complete
PCI DSS data security risk assessment. The final output of the
assessment includes a list of missing requirements that links to
software and service providers whose offerings address shortcomings
found during the assessment.

Listings in the Risk Assessment Tool's directory of solution
providers will only be open to PCI SVA member organizations. Vendors
of PCI DSS - related software and services are encouraged to join the
PCI SVA and complete the Services Inventory Form, so that they may
have their solutions included in the database. The database contains
a listing of SVA Member's software and services matched to the 200+
requirements of the PCI DSS.

'We believe that this Risk Assessment tool will help demystify the
process of mapping the requirements of PCI DSS to the security
marketplace,' said Dr. David Taylor, president of the PCI SVA and
Protegrity's vice president Data Security Strategies. 'And we urge
vendors who have not yet joined PCI SVA to do so now, as we want the
tool to include the broadest range of information from the security
and privacy software and services vendors as possible.'

The first release of the free PCI Security Vendor Alliance Solutions
Selection Tool is currently available to any merchant who wants it. A
more comprehensive risk assessment tool is also available for a small fee.

The Payment Card Industry Security Vendor Alliance (PCI SVA) is a
non-profit organization formed to educate the business community on
the requirements and business value of the Payment Card Industry Data
Security Standard (PCI DSS). The standard is published and managed by
the PCI Security Standards Committee, which is not affiliated with the PCI SVA.

A June 2007 study by the Aberdeen Group noted that approximately
one-third of 'best-in-class' organizations surveyed -- and nearly
half of the industry average - had not completed formal risk
assessments for all system components in the cardholder data
environment. 'The first step is to understand where and how
cardholder data is flowing in your current environment,' said Derek
E. Brink, vice president and research director at Aberdeen
Harte-Hanks. 'From there, a risk assessment and gap analysis that
compares your existing security controls to those specified by the
PCI DSS is a critical next step towards the ultimate goal of
achieving and reporting PCI compliance.'
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo