CSN5: Achieving PCI DSS Compliance for Mainframe Applications

Document created by jmerrill on Sep 28, 2009Last modified by jmerrill on Jul 8, 2014
Version 2Show Document
  • View in full screen mode
Achieving PCI DSS Compliance for Mainframe Applications
Speakers: Florian Leibenzeder, Senior IT Security Engineer-Lufthansa Systems; Stephen Fedtke, Head of Technology-Enterprise-IT-Security.com
In the airline and aviation business, a lot of IBM mainframe-based legacy applications are still crucial for daily operations. In their z/OS mainframe environment, Lufthansa Systems, the full-service IT provider for Lufthansa and other airlines around the globe, had to address PCI DSS compliance requirements for affected applications. In this session, you will learn how Lufthansa Systems achieved PCI compliance by utilizing their self-developed PCI Compliance z/OS Engine, the comprehensive z/OS log and event monitor/collector SF-Sherlock (Enterprise-IT-Security.com), and the power of ArcSight ESM and ArcSight PCI Compliance Insight Packages. You will learn how z/OS audit data needed to be collected, how it is provided to ArcSight ESM via CEF, and how the workflow around this solution was created by making heavy use of ArcSight internal workflow tools.
Level: Intermediate