TOPICS >> PCAOB | Encryption | GRC | PCI DSS | Internal Audits | Data Loss Prevention | Sarbanes-Oxley
Case study: The Gap and employee access controls
Retailers spend a lot of time worrying about PCI and Sarbanes-Oxley. As CIO notes, passing an audit means showing definitively that you can control employee access to customer and other data. Unfortunately for Gap Inc. Direct, which has to control for the online operations at Gap, Banana Republic, Old Navy and other stores, the IT environment was decidedly heterogeneous. So for PCI and Sarbox audits, server logs had to be manually collected to show who accessed files and when for hundreds of servers. The process required up to 10 people working at least part-time on every audit. The remedy: an identity management solution (this one from Likewise Software). The implementation cost: $400,000. You've likely heard such success stories from vendors, but in this economic environment, it is not fait accompli that the benefits will outweigh the costs. Some of you may have developed some scripts that are good enough. Automation in many cases will make sense--as long as you can truly afford it.
For more:
- here's the CIO article
SHARE WITH:
Comments
Post new comment
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2010 FierceMarkets. All rights reserved. |
 |