Regulatory Compliance and MSS

Companies face rising costs and increasing complexity related to regulatory compliance. In addition to government and industry-specific regulations, business partners, suppliers, and customers have security policies and practices that require compliance and validation. Few companies have the in-house resources to implement all aspects of the type of program required for due care and due diligence.

Problem: Cost and Complexity of Maintaining Compliance

With changing regulations and with new vulnerabilities and threats discovered daily, regular assessments serve only as a foundation for compliance. Maintaining and documenting compliance in an auditable format requires 24/7 monitoring, secure archiving, and reporting systems mapped to the requirements of key standards.

Solution: Outsourcing Managed Security Services

By outsourcing the resource-intensive tasks of 24/7 monitoring and maintaining compliance, companies stay focused on core, value-producing activities. Commonly outsourced Managed Security Services (MSS) include:

• Log monitoring: The ability to log, track, and analyze user and system activity across operating systems, databases, and applications is often critical for preventing, detecting, responding to, and helping to remediate security breaches. A number of standards and regulations also require third-party archiving and storage of log monitors to audit IT controls.
• Intrusion detection and prevention systems management and monitoring: As the complexity and scope of network threats grows, installing network security technology does not guarantee protection or compliance. An organisation must be able to detect and prevent intrusions with 24/7 monitoring and management of intrusion detection and prevention systems.
• Firewall management and monitoring: Despite the implementation of firewall technology, most organizations continue to suffer from unauthorised access due to insufficient firewall management. Outsourcing firewall upgrades, configuration management, rule-set changes, and health monitoring protects a critical component of network security without taxing in-house resources.
• Vulnerability management: Some scanning and assessment requirements apply to externally facing applications as well as network and operating systems. Manual testing by experienced professionals combined with automated technology helps identify the breadth and depth of vulnerabilities.

Outsourcing provides significant benefits when you calculate the cost of recruiting, training and retaining information-security compliance expertise, and maintaining a reliable, scalable infrastructure to support 24/7 management and monitoring of network security.

How VeriSign Helps

VeriSign® Managed Security Services (MSS) apply our people, processes, technology, and intelligence to securing your critical infrastructure as required by regulations and business needs. Your staff stays focused on strategic business initiatives while VeriSign security analysts monitor and manage critical devices 24/7 with real-time analysis and a consolidated portal view across your entire infrastructure.

Compliance Solutions

VeriSign compliance solutions help you build a foundation of compliance with information security regulations and industry standards:

• Sarbanes-Oxley (SOX) Section 404
• Gramm-Leach-Bliley Act (GLBA)
• Healthcare Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry (PCI) Security Standards
• Notice of Breach (formerly California Senate Bill 1386)
• North American Electric Reliability Council (NERC) Cyber Security Standards
• Basel II Accord for global financial institutions
• UK Data Protection Act for UK and European companies