A set of consulting and managed security service solutions from Big Iron Solutions is intended to enable organizations to rapidly identify, secure and monitor credit card data in order to meet PCI-DSS requirements.
For years, the majority of business transactions, including credit card payments, have been processed on mainframe computers. Since 2007, the PCI Data Security Standard (PCI-DSS) has provided the security standard to which merchants and service providers must adhere in order to store, transmit and process credit card data. To date, many mainframe computer systems have not been meeting these requirements, Big Iron explains. “This failure is due mainly to the fact that adequate technology, processes and effective standardized security practices have not existed on the mainframe,” according to a statement from the vendor.
Big Iron provides three security and compliance services in addition to a decision support GRC tool. Its PCI Data Discovery and Scoping has the ability to efficiently validate credit card data in known locations and accurately find it in previously unknown locations in mainframe datasets, data stores and databases. Once discovered, PCI scope in defined data stores can be secured or removed as required. The service provided by Big Iron Solutions meets PCI requirements to maintain an inventory of credit card data locations updated annually.
The solution also includes vulnerability management and remediation, which provides a technology and remediation service that will find vulnerabilities in OS code, ESM configurations and APFs.
The offering also includes security monitoring and incident response. Big Iron Solutions’ security monitoring is designed to validate that security controls are functioning effectively, in addition to detecting suspicious behavior and invalid configuration changes in real time. PCI requires monitoring of administrator behavior, access to cardholder data, and configuration changes to in-scope systems. Big Iron’s solutions monitor using SIEM technology, collecting log data from RACF, ESMs, SMF, DB2 activity and OS administrator activity.
For more information, visit the Big Iron Solutions website.