When an organization's network is left exposed by insecure wireless LAN devices, hackers can compromise the organization's network backbone, rendering its investment in IT security useless. Beyond the direct financial cost of a security breach, the incident can damage the company's reputation and expose proprietary and regulated information, which can lead to further financial loss and legal ramifications. Hence various regulatory bodies have defined policies with which organizations must comply. Regardless of their WLAN deployment status, organizations have to ensure that they track all wireless activity and prevent the transmission of wireless data in clear

Motorola helps organizations comply with various regulatory mandates such as PCI DSS, DoD Directive 8100.2, HIPAA, GLBA and Sarbanes-Oxley.
Payment Card Industry Data Security Standard (PCI DSS)

Retailers have to comply with the mandates of the Payment Card Industry (PCI). PCI DSS requires that cardholder environments change wireless defaults (passwords, SSIDs, WEP keys, etc.), analyze and identify all wireless devices, restrict physical access to wireless devices, log wireless activity and define wireless usage policies.
Department of Defense Directive 8100.2

The Department of Defense Directive 8100.2 establishes policy and assigns responsibilities for the use of commercial wireless devices, services and technologies in the DoD Global Information Grid. It spells out policies for deploying secure wireless networks and requires monitoring of those wireless networks for compliance.
Health Insurance Portability and Accountability Act (HIPAA)

Healthcare organizations have to protect patient data by complying with HIPAA regulations. They need to support the security management process through constant verification and enforcement of security policies, and provide intrusion alarms, audit trail information, event reporting capability and continuous vulnerability assessment.
GLBA – Safeguards Rule

The GLBA Safeguards Rule has been defined for banking and financial institutions to ensure the security and confidentiality of customer information, protect against anticipated threats to the security or integrity of such information, and protect against unauthorized access to such information that could result in substantial harm to customers.
Sarbanes-Oxley Act Section 404

The Sarbanes-Oxley Act Section 404 requires all publicly traded firms to file an internal control statement attesting to management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company. The IT department must document, test, monitor and report the effectiveness of internal control processes.