Protecting Retailer Assets

Some of the most valuable assets a business has lies within its data; intellectual property, confidential records and customer information. This data is more at risk than ever before and keeping it secure is becoming increasingly difficult.

Companies have suffered Brand damage, erosion of customer confidence and incurred heavy financial costs associated with high profile data loss.

As critical infrastructures grow more complex so do the threats to data security and the chances of internal errors. The need for a more comprehensive threat assessment and data protection solution has never been more pressing.

Too many retailers have responded to these problems with a knee jerk reaction and the introduction of a one off compliance exercise to plug the gaps.

At Evolution we have recognised the requirement to create and deliver an ongoing process that has been designed specifically to provide an audit and analysis of your total compliance needs and provides an integrated and comprehensive package.

We call it Compliance 360

Key Features

Compliance 360 provides a total regulatory compliance solution for retail organisations. The key features are outlined in the diagram below (click segments to find out more).

Compliance Consultancy

Quarterly Onsite Review Meetings

Documentation Reviews

Monthly Update Conference Calls

 

Security Achitecture Review

IPS/IDS Review

Firewall rule base review

User content review

Remote access review

Wireless access review

Log Management Review

Security Testing

Penetration testing

Application testing

Wireless penetration testing

Vulnerability assessment

ASV Scanning

Data Identification & Management Review

Sensitive data identification search

Data usage and retention review

Data access and logging review

 

 

Evolution is an industry leading IT security provider delivering solutions through a global team of professional and experienced specialists. Evolution has helped many high profile retail organisations to protect the availability, integrity and confidentiality of their data assets. We apply a disciplined and rigorous approach to managing risk by identifying, assessing and mitigating threats and vulnerabilities to our clients digital infrastructure.

PCI/DSS Compliance

Organisations handling credit card transactions are juicy targets to the professional “black hat”, a fact that has been brought home by a number of high profile credit card hacking incidents.

To counter public outcry and a calls for increased legislation two major players in the Payment Card Industry - Visa and Master card - teamed up to create the PCI Data Security Standard. The PCI Data Security Standard is intended to give companies handling credit card transactions a framework and set of guidelines for doing so securely: how to build a secure network, protect cardholder data and manage/monitor vulnerabilities and threats. The standard embodies sound policy for any organisation, outlining the need for a documented security infrastructure, agreed processes for handling threat scenarios, need-to-know access procedures and so on.

Unfortunately many organisations who should be in compliance with the PCI standard fall some way short, and the result can be a security breach, temporary or even permanent suspension of your ability to handle credit card transactions.

For many companies it’s only a small step to full PCI compliance, and Evolution can help by rapidly assessing your general level of compliance, highlighting areas that may need further work and providing suggestions on how to maintain full compliance on an ongoing basis. For companies that have been unaware of the standard or unable to aim for full compliance until now we can provide more in-depth help with a quick start program to move towards compliance, plan and create a fully secure network and put measures in place for running your PCI technology safely.