Recent news stories about the rise in hacker attacks on businesses and government institutions have sounded alarms throughout the cyberworld: current security measures do not go far enough in protecting critical business processes that use web technology. The weakest point, where security constructs are underwhelming or absent, is the business process interconnectivity applications that act as the glue connecting web applications and moving data from one to another. In fact, the recent news has come as no surprise to Evans Resource Group (ERG), as we have found that over 90% of the testing we have performed on this critical part of any e-commerce organization has failed to achieve basic security levels.

At ERG, we specialize in BPIC (Business Process Interconnectivity Security, which is also referred to as SOA or Service-Oriented Architecture), Enterprise Service Bus (ESB) and gateway technology security, with a focused expertise in IBM® WebSphere® environments. We have created an end-to-end BPIC security solution, in conjunction with IBM, that will help you identify risk and vulnerabilities across your critical BPIC infrastructures and provide you with clear, insightful, actionable optimizations to safeguard and protect your critical business assets.

Our complete portfolio of consulting offerings and software solutions spans the full information technology lifecycle for SOA and BPIC and provides data security testing and optimization for IT governance of the Payment Card Industry Data Security Standard (PCI-DSS), European Union Data Directive 95/46/EC, Health Insurance Portability and Accountability Act (HIPAA), Sarbanes–Oxley Act, Basel II Accord, Federal Information Security Management Act (FISMA) and Gramm-Leach-Bliley Act (GLBA). We are the experts in data security compliance by industry guidelines and country regulations, providing unequivocal insight into best practices for business process interconnectivity security.

 



New ERG Whitepaper on Achieving PCI DSS, SOX and HIPAA SOA Compliance Now Available




Free One-Day WebSphere Interconnectivity Vulnerability Assessment

Our one-day Internal Vulnerability Assessment service is provided free to qualified companies as a cost-effective tool to analyze their current WebSphere interconnectivity network. ERG's comprehensive assessment uses intelligent, non-intrusive scanning technologies and methods that meet or exceed all vulnerability scanning/assessment requirements for most industry standards and regulations, including Sarbanes-Oxley (SOX), Common Vulnerabilities and Exposures (CVE), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry (PCI) Data Security Standard, the Federal Information Security Management Act (FISMA), ISO-9000 and more. It tests against over 20,000 vulnerabilities and provides a detailed list of potential vulnerabilities and available corrective actions.

To schedule an assessment, view a sample report, or get additional information, contact us at info@evansrg.com or call 1-888-MSECURE.



IBM Program for PCI DSS Compliance for WebSphere MQ, ESB, and payment gateways

PCI Compliance for WebSphere MQ (WMQ) is required for all banks, merchants and data processors that utilize WebSphere MQ as the message-oriented middleware transport for SOA, ESB and payment gateways. Given that over 87% of the Fortune 500 use WebSphere MQ as the transport for messages, for payment gateways, and in SOA architectures, this solution tests and optimizes WMQ for PCI DSS Compliance using non-perimeter testing methods and remediation tools. Perimeter security vendors do not test WebSphere MQ for PCI DSS compliance because they do not have the correct methods and tools. This solution utilizes methods and tools that were developed in conjunction with IBM to provide the only PCI DSS Compliant messaging solution for banks, merchants and data processors in the world.

http://www-304.ibm.com/partnerworld/gsd/solutiondetails