
Meeting the PCI DSS Compliance Challenge: How Luminet Enterprise Fraud Management Software Can Help

SOLUTION BRIEF

3 Steps to Simplifying Audits, Showing Compliance, and Managing Enterprise Risk


Trusted employees commit more compliance violations than anyone else. Government and industry groups have responded by enacting fraud management regulations designed to protect public and shareholder interests. But your business generates enormous volumes of network traffic every day. Tracking all user activity and then sifting through it for abuse, misuse, and error can feel like an impossible task. Fortunately, technology does exist to help you overcome these challenges. It's called Attachmate Luminet enterprise fraud management software. And it's built to help you generate the data you need to simplify the audit process, demonstrate compliance, and manage enterprise risk.

Who Did What, When, and Why?

Continuous monitoring is the key to knowing exactly who did what, and when, then being able to put that information into context. Attachmate Luminet can help you do that in three steps:

Step 1: Capture the Data
Luminet captures and records all user activity on all enterprise applications in real time (screen by screen, keystroke by keystroke), creating a complete and accurate audit trail directly from the network. This audit trail includes both update and read-only actions for regular and privileged users. Stored in a secure, digitally signed repository, this information can be visually played back to show screens, keystrokes, and activities that support your audit.

Step 2: Analyze the Data
Luminet's powerful analytics engine tracks user behavior in real time, detecting cross-channel patterns and visually revealing activities and relationships. For example, does one financial clerk exhibit an unusual pattern of payment activity with a particular vendor? Is an employee reading the details of VIP health records significantly more than other employees in the same role? In this way, it can pinpoint suspicious actions, based on business rules and weighted scores that you've defined, and generate real-time alerts. You can use the alerts to demonstrate the controls you've established to flag noncompliant behavior.

Step 3: Generate Custom Reports
Auditors expect precise and detailed information about how the thousands of people across your enterprise are accessing sensitive information on hundreds of applications each day. They also expect to see this information presented in a format that aligns with their unique regulatory requirements. With Luminet, you can easily access specific audit information at any time, and adjust reports to meet auditor expectations. There's no need to manually extract more or different data from log files or, worse, force auditors to guess what happened when log files fall short.

In these three steps, Luminet delivers the intelligence you need to take informed action for auditing, compliance, and general risk-management purposes.

What If You Could...

Quickly piece together data on multiple systems in multiple departments to create a complete audit trail?
Run historical queries, pattern analysis, and behavioral analytics against user activity to place keystrokes in context?
Test your level of compliance prior to an external audit?
Respond to updated regulations by changing a few rules rather than remapping log outputs to compliance requirements?
Retrieve clear and actionable evidence long after the user activity occurred?

With Luminet, you can, without adding controls or changing a single line of code.


Demonstrating Compliance with Attachmate Luminet


North American Standards & Regulations

What It Is

FISMA (Federal Information Security Management Act): A U.S. law enacted in 2002 that requires each federal agency to develop, document, and implement a plan to provide security for the data and systems that support agency operations and assets. The act extends this requirement to include assets managed by other agencies and contractors.

GLBA (Gramm-Leach-Bliley Act): A U.S. law enacted in 1999 to protect the personal financial information of consumers that is held by financial institutions. Under GLBA, financial institutions are required to implement safeguards that provide information security, privacy, and data integrity.

HIPAA (Health Insurance Portability and Accountability Act): A U.S. law enacted in 1996 that preserves the privacy and security of personal health records. HIPAA requires that healthcare organizations adhere to specific physical, administrative, and technical safeguards to prevent unauthorized access to and manipulation of electronic patient information.

HITECH (Health Information Technology for Economic and Clinical Health) Act: A U.S. law enacted in 2009 that extends HIPAA (Health Insurance Portability and Accountability Act) to include various third-party and cloud providers. It also contains breach disclosure requirements.

NIST (National Institute of Standards and Technology) Special Publication 800-53: Part of the Special Publication 800 series that specifies security controls for federal information systems and audit records.

PCI DSS (Payment Card Industry Data Security Standard): A U.S. industry standard maintained by the PCI Security Standards Council that dictates rules for handling sensitive cardholder data, both in transit and in storage. Businesses that fail to comply may be restricted in their use of credit card services.

PIPEDA (Personal Information Protection and Electronic Documents Act): A Canadian law enacted in 2000 that governs the way in which companies collect, use, and disclose personal information.

SOX (Sarbanes-Oxley Act) Section 404: A U.S. law enacted in 2002 to protect the financial information of public companies. Section 404 mandates certain internal controls for financial reporting and documentation. The Securities and Exchange Commission oversees SOX compliance.

How Luminet Can Help

Luminet provides real-time information and continuous monitoring of insider threats. Event information gathered by Luminet supports FISMA reporting.

Luminet can monitor and alert on user activity and help enforce information policies with continuous monitoring and alerts.

Luminet helps organizations show auditors who has accessed what records and provide context to those actions with screen-by-screen replay.

With Luminet, organizations can instantly report on who has accessed a given record. Luminet can also help quantify information access and disclosure. Luminet provides information that auditors require and traditional logging methods miss. Luminet also reduces the manual process for gathering audit data. Luminet helps to protect organizations from unnecessary fines and limits brand damage by illuminating who had access to what, and when. Luminet can be used to inform individuals when their information was accessed or disclosed. Luminet can also demonstrate compliance to auditors. Luminet provides continuous monitoring of user activity and helps automate and document incident response. It also helps demonstrate SOX compliance.

Global Standards & Regulations

What It Is

Basel II: An international standard developed by the Basel Committee on Banking Supervision that requires financial institutions to maintain enough cash reserves to cover their operational risks.

Basel III: An international standard developed by the Basel Committee on Banking Supervision that strengthens the banking sector's ability to deal with financial stress. Basel III effectively triples the size of the capital reserves that the world's banks must hold against losses.

Directive 95/46/EC: A European Union directive that regulates the collection, storage, and use of personal data. It is an important part of the European Union privacy and human rights law.

FACTA (Fair and Accurate Credit Transaction Act) Red Flag Rule: Sections 114 and 315 of FACTA, a U.S. federal law enacted in 2003, that require the National Credit Union Administration and the Federal Trade Commission to create regulations for financial institutions and creditors that will prevent identity theft.

How Luminet Can Help

Luminet helps organizations demonstrate compliance with internal policies and government regulations, including Basel II.

Luminet helps organizations demonstrate compliance with internal policies and government regulations, including Basel III.

Luminet can provide visibility into data use, access, and interaction and can be used to help demonstrate Directive 95/46/EC compliance.

Luminet can help organizations covered under the Red Flag Rule by documenting access to records and breach disclosure for audits.

2012 Attachmate Corporation. All rights reserved. Attachmate, the Attachmate symbol, and Luminet are registered trademarks of Attachmate Corporation in the United States and other countries. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners. 12-0007.0312
