White PapersA 2005 survey on security conducted jointly by the U.S. Federal Bureau of Investigation (FBI) and the Computer Security Institute (CSI) found that nearly half of all cyber security breaches originate from outside the target organization’s boundary. To protect customer information against unauthorized access, enterprises must be able to control not only who accesses networks, applications, facilities, and other resources, but also which resources each user can access. VeriSign Unified Authentication enables enterprises to significantly reduce the risk of unauthorized access. Along with its technology partners, VeriSign enables enterprises to easily deploy and manage a variety of strong authentication solutions such as digital certificates, smart cards, USB tokens, and biometrics. In addition, Unified Authentication can be seamlessly integrated with leading access control and directory applications.
The VeriSign® Identity Protection (VIP) suite of services is designed to strengthen and protect consumer’s digital identities and is for enterprises that interact electronically with consumers’ personal data. The VIP suite is comprised of VIP Fraud Detection Service and VIP Authentication Service. These complementary services form a flexible, layered solution that provides both visible and invisible mechanisms for securing online transactions and preventing identity theft. VIP Fraud Detection Service provides invisible server-side monitoring capabilities. VIP Authentication Service provides a more visible, standards-based strong authentication solution for online commerce applications. Both services help ensure that a person is who he or she claims to be.
Security Solutions to Minimize Risk of Breaches of PersonalInformation SO LU T I O N OV E RV I E WUntitled Document2The California Security Breach Notice Act (formerly Senate Bill 1386) requires anyagency, business, or person owning, licensing, or maintaining a computerized database ofpersonal information on California residents to immediately notify the customers if thesecurity of their personal information is breached. This requirement, which becameoperative on July 1, 2003, has been duplicated by other states and the federalgovernment and applies even if no personal information is stolen. In addition, itauthorizes lawsuits and injunctions if breaches are not reported in a timely manner.Enterprises recognize the dif culty of providing written or electronic notices to customersin the event of a breach. Accordingly, most enterprises operating in states that havebreach reporting laws recognize the need to prevent security breaches that necessitatereporting and may potentially damage their reputation. To minimize risk exposure causedby unauthorized access to or disclosure of information, enterprises are acting quickly toidentify and assess security risks, plan and implement services to protect sensitiveinformation, and establish measures to monitor and manage security systems.VeriSign offers a suite of services to support enterprises in preventing breaches of securitysystems covered by the California Security Breach Notice Act and similar statutes: " VeriSign Global Security Consulting Enables enterprises to design and implementan information security program to minimize the risk exposure of networks andapplications that may contain personal information. " VeriSign Managed Security Services (MSS) Help ensure the security of networksthat hold customers personal information through 24/7 management of thenetwork-security infrastructure. Regular vulnerability assessments help ensure thatpotential vulnerabilities are detected and remedied proactively before attackers canexploit them. " VeriSign Uni ed Authentication Enables enterprises to leverage existinginfrastructure for authenticating a variety of digital credentials including digitalcerti cates, dynamic one-time passwords (OTPs), and universal serial bus (USB)tokens with smart card technology to minimize, if not eliminate, unauthorizedaccess, while reducing costs. + Compliance Assessment and Gap AnalysisIdentifying and assessing threats to customer information and evaluating the effectivenessof current safeguards is a complex task that requires in-depth knowledge of securitytechnology and practices, as well as continual identi cation of ever-changing securitythreats and requirements. VeriSign leverages deep expertise, proven methodologies, andstate-of-the-art tools to thoroughly assess the current state and vulnerability of existingnetwork security implementations, including policies, technology, operations, use,performance, and physical security. VeriSign identi es immediate security concerns andpinpoints gaps between the current infrastructure and identi ed requirements, overallsystem security, and projected growth. Using the assessment and gap analysis, VeriSignprovides prioritized recommendations for improving performance and mitigating risk,thereby helping ensure compliance with breach reporting laws. + Security Breach ProtectionVeriSign MSS allow enterprises to of oad security infrastructure management to a teamof experts whose core business is security. The suite of services (e.g., rewalls, intrusiondetection systems, intrusion prevention, and log monitoring), which can be utilizedindividually or as a set, includes assessment, monitoring, management, and reporting.KEY BENEFITSReduces Exposure Under BreachReporting Laws VeriSign solutions minimize risk ofpenalties, and damage to reputationand customer loyalty, associatedwith security breaches.Minimizes New SecurityInvestments Enterprises can reduce the costs of planning, developing, andimplementing the securityinfrastructure needed to helpachieve compliance.Establishes a Flexible, ExtensibleSecurity Program VeriSign establishes policies,procedures, guidelines, andtechnologies that help in complyingwith breach reporting laws and other regulations and achievingbusiness priorities. S O LU T I O N OV E RV I E WUntitled Document3Working from globally linked VeriSign Security Operations Centers (SOCs), securityteams use sophisticated tools to monitor, correlate, and analyze data across multiple levelsof the organization in order to rapidly identify and prevent attacks. Enterprises maintainfull control of security policies and decisions and can access network data 24/7 via theWeb-based VeriSign Enterprise Security Portal. + Authentication and Access ControlA 2005 survey on security conducted jointly by the U.S. Federal Bureau of Investigation(FBI) and the Computer Security Institute (CSI) found that nearly half of all cybersecurity breaches originate from outside the target organization s boundary. To protectcustomer information against unauthorized access, enterprises must be able to controlnot only who accesses networks, applications, facilities, and other resources, but alsowhich resources each user can access. VeriSign Uni ed Authentication enables enterprisesto signi cantly reduce the risk of unauthorized access. Along with its technologypartners, VeriSign enables enterprises to easily deploy and manage a variety of strongauthentication solutions such as digital certi cates, smart cards, USB tokens, andbiometrics. In addition, Uni ed Authentication can be seamlessly integrated with leadingaccess control and directory applications.The VeriSign Identity Protection (VIP) suite of services is designed to strengthen andprotect consumer s digital identities and is for enterprises that interact electronically withconsumers personal data. The VIP suite is comprised of VIP Fraud Detection Serviceand VIP Authentication Service. These complementary services form a exible, layeredsolution that provides both visible and invisible mechanisms for securing onlinetransactions and preventing identity theft. VIP Fraud Detection Service provides invisibleserver-side monitoring capabilities. VIP Authentication Service provides a more visible,standards-based strong authentication solution for online commerce applications. Bothservices help ensure that a person is who he or she claims to be.+ Learn MoreFor more information about VeriSign Security Services, please call 650-426-5310, emailenterprise_security@verisign.com, or visit us at www.VeriSign.com.+ About VeriSignVeriSign, Inc. (Nasdaq: VRSN) operates intelligent infrastructure services that enable and protect billions of interactions everyday across the world s voice and data networks.Additional news and information about the company is available at www.verisign.com.Visit us at www.VeriSign.com for more information.S O LU T I O N OV E RV I E WThis Solution Overview provides only a general description of VeriSign services for informational purposes and does not comprise a legal opinion orrepresentation regarding the status or suf ciency of the VeriSign services under any applicable law. Customers should obtain independent legal advice on thescope and applicability of any legal requirements to which they may be subject. 2006 VeriSign, Inc. All rights reserved. VeriSign, the VeriSign logo, Where it all comes together, and other trademarks, service marks, and designs areregistered or unregistered trademarks of VeriSign and its subsidiaries in the United States and in foreign countries. IBM and Tivoli are trademarks of IBMCorporation. All other trademarks are the properties of their respective owners.00017444 08-07-2006
