3H Technology
About 3H
Services
Solutions
Partners
Clients
Contracts
Careers


3H Technology: ISO 9001:2000 Certified & CMMI® Level 3 Rated





Home Login Site Map Contact
Case Studies
 

 

The Noble Collection

Client:The Noble Collection™

Title:: 3H delivers Payment Card Industry (PCI) Compliance using Altiris Security Management solutions. (PDF)

Key Benefits

PCI Compliance (Payment Card Industry Data Security Standards) helps Noble Collection™ protect their customers from identity theft and fraud by establishing controls around how customer data is handled within the company’s information architecture. Demonstrating compliance with PCI follows best practices.

3H Technology implemented  Altiris Security Management solutions, an automated solution to audit, deploy and enforce system security policies across the enterprise. By reducing exposure to security threats and eliminating vulnerability root causes, The Noble Collection™ delivers maximum e-commerce security to their customers through PCI Compliance.

CHALLENGE

The Noble Collection™ is in the business of developing and selling collectible items and movie memorabilia, such as replicas of armor, weaponry, historical inventions and movie artifacts featured in films like Harry Potter™ and Lord of the Rings™ .

By focusing on customer service, exquisite designs and fine craftsmanship, the company has achieved an international reputation for the quality their products. In order to maintain product and customer service excellence, The Noble Collection™ selected to adhere to the highest possible standards by complying with Payment Card Industry (PCI) security standards. The voluntary guidelines developed by credit card companies ensures the proper handling and protection of cardholder account and transaction information, which includes safeguarding purchases made at www.noblecollection.com.

3H Technology was asked to evaluate the infrastructure and implement a solution to enable The Noble Collection™ to meet current and future Payment Card Industry (PCI) data security standards.

The PCI standard consists of a set of rules for the secure handling of credit card data, including credit card numbers and account holder personal identifiable information (such as address, SIN, SSN, etc). While achieving this standard was the first priority, the 3H team also recognized the need to build a solution that would aid in maintaining compliance long after the engagement was over. The top challenges were:

  • Implement and configure a solution that provides a comprehensive process to update all operating systems with related patches and updates.
  • Implement and configure a solution to capture process and evaluate event data.
  • Implement and configure a solution to execute and monitor security related changes.

3H SOLUTION

The Noble Collection™ uses a centralized environment consisting of one data center and a large group of workstations with both Microsoft Windows and Microsoft Windows XP located in Sterling, Virginia. Workstations and servers are linked in a Windows domain using DHCP and DNS, administered by a single operations manager. A manual patch management process was in place at the time of the evaluation with updates managed manually using Windows update. In addition, The Noble Collection™ was unable to evaluate and modify security configurations or to extract for review important event data such as security logs or event data.

3H Technology performed an all-inclusive survey of The Noble Collection’s™ network. The survey was followed by a Q&A session with the operations manager about the network and the routine administration duties.

The design needed to adhere to the following:

  • Total PCI Compliance
  • Document all facets of the solution
  • Provide automation where possible
  • No disruption in sales operations

The 3H team recommended Altiris Client, Server and Security Management solutions as a foundation. Using Altiris solutions, 3H collected valuable inventory information on all software and hardware deployed in the environment. Once the Altiris infrastructure was in place, the 3H team implemented Altiris Patch Management, Monitor Solution, and Software Delivery as a recommended solution plug-ins.

The Patch Management solution provided a comprehensive documented patching strategy capable of targeting and updating workstations with missing security patches and delivering software updates. The Monitor Solution was utilized to assist in collecting and storing historical log data required for meeting PCI Standards. The administrator received notifications if key services were stopped on remote workstations or servers.

Finally, the 3H team installed and implemented Altiris Security Expressions, enabling The Noble Collection™ to easily identify and modify security configurations in their environment following industry standard policies. Automated security reports are sent via email to the operations manager on a weekly basis for review. Security Expressions offers the flexibility needed to remediate specific security issues automatically or manually in real time. If The Noble Collection™ needs to make a future change because of a virus or new vulnerability, this can be done quickly. Also, if the configuration change needs to be backed out, there is an undo feature.

RESULTS

The 3H solution, using Altiris Security Management products provided The Noble Collection™ with the ability to deliver increased e-commerce security to their customers through compliance with Payment Card Industry (PCI) best practices.

 

 

Headquarters - 1767 Business Center Dr. #500, Reston, VA 20190
© 2008 QinetiQ North America Operations LLC