Girl Scouts of Northern California
TRIPWIRE HELPS GIRL SCOUTS ‘BE PREPARED’ TO MEET GROWING SECURITY NEEDS
The Girl Scouts of the USA was founded in 1912 to empower girls and teach values by encouraging participation in a wide variety of new activities. The instantly recognizable motto of “Be Prepared” extends across every aspect of the organization, including its change and compliance management strategies.
We don’t approach compliance as an isolated event or as a necessity at the time of an audit – but instead as a way to continually improve security with constant cycles of scanning, testing, fixing and scanning again.
To raise funds, the Girl Scouts of Northern California (GSNorCal) council operates six brick-and-mortar stores and two mobile outlets that travel to camps and social events across the region. One of the most popular items — boxes of cookies — has exceeded 44 million units in sales. Because of accepting debit and credit cards, GSNorCal needs to comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements, including establishing baselines, managing change, and scanning for file integrity.
The joys of continuous compliance include splitting the work of meeting regulations into small, achievable tasks and gaining peace of mind by constantly monitoring the environment.
- Exceed prevailing PCI DSS requirements to enhance security posture and uphold reputation
- Minimize window of exposure caused by extended time between scans
- Increase granularity of change detection process to avoid any unplanned or significant remediation challenges
- Define baseline configurations for components across entire infrastructure, including endpoints
Our motto is ‘Be Prepared’ so we must be ready to handle any potentially damaging changes, triggered by either unintentional or malicious activities. I cannot imagine accomplishing this without our suite of Tripwire solutions.
GSNorCal implemented Tripwire® Enterprise, including File Integrity Manager (FIM) and integrated with Tripwire Log Center®. Tripwire Enterprise is further leveraged to provide configuration and patch compliance auditing. Tripwire Log Center collects Active Directory data and routinely polls the organization’s firewalls, devices, routers, and switches. FIM agents are deployed on servers and point-of-sale computers to collect file integrity data.
- Positioned GSNorCal to be successful in surpassing standards for current and next generation of PCI DSS
- Increased scan frequencies facilitate continual compliance instead of meeting requirements just prior to audits, and dramatically shrink vulnerability window
- Created, catalogued, and maintained baselines across environment
- Leveraged Tripwire solutions to create a pervasive culture of compliance, with security and regulations at the forefront
- Saved time by automatically differentiating critical changes from expected modifications