STORES Magazine - July 2010 - (Page 68)

LOSS PREVENTION / RISK MANAGEMENT

Preventing Shoes From Dropping

When it comes to PCI compliance, Bakers Footwear prefers playing offense

BY M.V. GREENE

For many mid-market retailers, PCI compliance is the elephant in the room. The standard applies to organizations that process cardholder data, and organizations at varying levels of transactions must show they are in compliance annually. Those that aren’t risk fines and losing the opportunity to process credit card payments with banks and card companies like MasterCard and Visa.

Therefore, when it comes to PCI compliance, vigilance is the only way to go, according to Chris Spohr, information security officer for Bakers Footwear Group, a St. Louis-based chain that sells footwear and accessories for young women with more than 240 locations.

“The worst-case scenario is what you see in the news where you have a security breach where somebody gets in and gets access to cardholder data and uses that for fraudulent purposes,” Spohr says. “The other side of that is meeting the standards. If you don’t meet them, even if you don’t have a breach, then the card branches will assess you with some fines.”

Technologies do exist for companies to remain on top of their networks by detecting and neutralizing threats. But for retailers without the expansive IT budgets or personnel resources of the major players, determining how to pay for security information and event management (SIEM) can be particularly problematic. In addition, many organizations must prime their internal networks to comply with other mandates emanating from federal regulatory actions, including Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, FDIC guidelines and the Gramm-Leach-Bliley Act.

Bakers Footwear maintains a three-person team dedicated to IT security – far fewer than most large retailers. “We try to pay attention to our expenditures and make wise choices,” Spohr says. “You stay diligent in trying to achieve and maintain compliance.”

Centralizing security data

Two years ago, the company determined that it needed to improve the process of centralized logging from its network for SIEM – specifically, enhancing the logging of potential security events from network routers, switches, firewalls and servers in order to gain visibility into possible threats.

Networks can become silos of disparate information. Typically, a server won’t know what is stored in a firewall, or an anti-virus detection program won’t be in sync with what is being captured through a router. Therefore, retailers need to have that data centralized, scoured and compartmentalized to determine the sources of threats to the network.

In 2008, Spohr’s dilemma was finding a solution that would not break the bank or burden his small staff. His budget would not accommodate large-scale “forensic” enterprise solutions that often require additional engineering fees and third-party personnel to customize the technology for individual implementations. What he needed was a device to place on Bakers Footwear’s network that could be up and running quickly and which would assemble all SIEM log data in one place for analysis.

His staff’s manual-based system for reviewing log data was rudimentary and time-consuming — it required opening up various servers and folders individually, a system fraught with unreliability.

“When you get a person doing that all the time, you spend a lot of time viewing logs, checking logs, remembering to check logs and recording that you checked logs,” Spohr says.

Bakers Footwear found its solution from TriGeo Network Security. The Post Falls, Idaho-based company has staked its market position on offering
