SOURCE: Lightwave Security

January 11, 2010 07:15 ET

Lightwave Security Introduces IT GRC Solution to Accelerate Acceptance of Continuous PCI DSS Compliance in Retail Industry

SecureAware Helps Prevent Data Security Breaches; Reduces Compliance Costs by 50 Percent

NEW YORK, NY--(Marketwire - January 11, 2010) - National Retail Federation Conference -- Advancing acceptance and implementation of continuous PCI DSS compliance in the retail industry, Lightwave Security today introduced SecureAware, an automated IT GRC system that helps organizations manage business risks and comply with Payment Card Industry (PCI) security standards as well as governmental regulations such as GLB, SOX and HIPAA while utilizing ISO 27000 best practices.

Lightwave Security will showcase the PCI DSS capabilities of SecureAware Jan. 10-13, 2010, at the National Retail Federation (NRF) 99th Annual Convention and Expo in New York City.

SecureAware enables retailers to implement an automated continuous PCI DSS compliance solution that will help them:

--  Comply with multiple mandates while establishing one defensible standard
    of care;
--  Prevent data security breaches;
--  Reduce compliance costs by 50 percent; and
--  Collect, manage, and rationalize policies, IT controls and risk
    information that are located in disparate locations throughout the

"Being compliant with the Payment Card Industry's Data Security Standard (PCI DSS) doesn't protect retailers from a data breach," said Gary Blume, senior vice president, Strategic Business Technology Solutions, Lightwave Security. "Instead, merchants should view PCI compliance with a 'security and risk' mindset. Ideally, a retailer should know its PCI DSS compliance status on a daily basis, be able to adapt to updates in the standard, and ensure that employees are educated on security policies and are following them."

Blume said SecureAware® provides total oversight of the entire PCI compliance process, including technology-based components. The system is an automated workflow optimized to manage and monitor event and feedback information from multiple components with an at-a-glance summary, and to assess and report on these controls in every form needed, from installation to the results produced. An automated IT GRC tool delivered as "Software as a Service" (SaaS), hosted at a remote location and delivered over the Internet, makes it affordable for any size merchant.

"The retail community has been clamoring for an automated solution to the overwhelming PCI DSS compliance problem," said Michael Hess, president of Tech Global Partners, a strategic consultancy to the retail industry that has specialized in helping retailers leverage technology for competitive advantage. "SecureAware can help retailers achieve a new level of security by creating a framework for continuous compliance while dramatically reducing certification costs, and, ultimately, delivering peace of mind. Because of its unmatched capabilities, tangible benefits, ease of use and suitability for all types and sizes of retail businesses, we are focused on SecureAware for our client engagements."

Independent surveys by Deloitte and The Computing Technology Industry Association each identify human error as the greatest weakness in IT security systems, followed by technology. In Deloitte's survey, "The 6th Annual Global Security Survey," 86 percent of those surveyed said people are the problem, with technology a distant second at 63 percent. The Computing Technology Industry Association, Inc. survey, "Committing to Security: A CompTIA Analysis of IT Security and the Workforce," stated that human error, not technology, is the most significant cause of IT security breaches.

"To reduce security risk caused by human error," Blume said, "a retailer must have a process for distributing its IT security policy and ensuring that each employee has read and understands the policy and acknowledges their responsibility in protecting the organization's information and data. IT GRC systems that include Security Awareness Training (SAT) modules make it easy for retailers to educate and test employees on general IT security practices and internal IT security policies."

SecureAware is an all-in-one platform for compliance, best practices and security awareness that incorporates an automated compliance workflow system built to ISO 27001 international standards. In addition to helping organizations manage multiple compliance mandates, SecureAware also helps compliance managers create policy management efficiencies, conduct security awareness training, and identify, mitigate, and reduce business risks. SecureAware automates repeatable processes and allows organizations to respond rapidly to new compliance mandates, audit requests and evolving business risks.

NRF 2010
Jacob K. Javits Convention Center
Tech Global Partners' Booth 2809

About Lightwave Security

Lightwave Security is a GRC solution provider whose vast technical and practical experience provides organizations with a foundation of assurance in managing business and technology risk. Lightwave Security's unique model of automating compliance with traditionally complex regulatory and technical issues is a cutting edge approach not seen in the security space. Lightwave Security is based in Atlanta, Georgia, with affiliate offices and resources available across the globe. SecureAware is available as enterprise software or Software as a Service (SaaS) in the U.S., Canada, Mexico and Central America. For more information, visit Lightwave Security on the internet at

Contact Information

  • For more information:
    Monica Shaw
    Carabiner Communications