Meet the Highest Standards in Awareness Certification
VENZA content partners include:
– Arnall Golden Gregory (AGG)
– Hospitality Financial and Technology Professionals (HFTP)
– Hotel Technology Next Generation (HTNG)
VENZA is recognized as a PCI Council Participating Organization.
Drive Adoption & Maximize Engagement
Equip your associates with the knowledge they need to keep guest data safe and protect your enterprise. Learning conducted via a mountain-scape, mobile-friendly, VENZA® Learning Game Eco-system.
eLearning, Webinars & Breakroom Posters
Learning Content for Everyone
VENZA® Security Guides Prescribe learning through online training modules, quarterly webinars and breakroom posters.
Tracking & Reporting
Keep Track of Learning Programs and User Activity
Manage, track and report on all aspects of your hotel security program with a feature-rich, secure, cloud-based learning management solution.
PCI Readiness Assessment
PCI Readiness Assessment
This 15-page PCI Readiness Assessment is intended to facilitate the organization in gaining a high-level overview of its information security procedures. Through the process of answering these inquiries, a better understanding of how information is controlled and protected across business and technolgy elements should become apparent.
Gauge Awareness So You Can Guide Proactive Behaviors
Uncover risk and identify awareness levels in your organization. The results are communicated through insightful dashboards and reports that detail findings and enable you to drive a proactive stance against risk.
5-Stage Phishing Campaign
Measure and Reinforce Best Practices
Check for adherence to best practices and further the communication of security protocol through the VENZA® 5-Stage Phishing Campaign.
Enterprise System Administration
Manage Learners and Records for Deployment
Allow VENZA® to manage learners and track the deployment of awareness campaigns including (but not limited to) the VENZA® InfoSec Learning Game Eco-system.
Risk Analysis Workbook
Information Risk Analysis Workbook
This 122-page Information Risk Analysis consists of 11 Information Security Management Controls and 42 sub-components.
This analysis tool guides the user through the collection of documented policies, processes, and procedures, in soft or hard copy, for review. Interviews and discussions with knowledgeable and available staff members. Documentation of observations made both onsite and during the review process. Culminating with the examination of the organization’s infrastructure security architecture which refers to both the physical and electronic environments within which the organization maintains sensitive information. Consequently, a complete ‘walk-through’ of the facility(s) and complete analysis of network diagrams (not containing IP addresses) should be accomplished.
Risk Analysis Workbook (Guided)
Information Risk Analysis Workbook (Guided)
This 122 page, Information Risk Analysis consists of 11 Information Security Management Controls and 42 sub-components.
VENZA® provides a Security Guide to assist in the navigation of this analysis tool guiding the user through the collection of documented policies, processes, and procedures, in soft or hard copy, for review. Interviews and discussions with knowledgeable and available staff members. Documentation of observations made both onsite and during the review process. Culminating with the examination of the organization’s infrastructure security architecture which refers to both the physical and electronic environments within which the organization maintains sensitive information. Consequently, a complete ‘walk-through’ of the facility(s) and complete analysis of network diagrams (not containing IP addresses) should be accomplished.
Program Coach (aka “Guide”)
Chart the Right Course for Your Properties
Identify and define your property’s information security program and support needs with our Security Coach “Guides” who will craft tools and collateral to help you successfully implement the VENZA® program and create a culture of awareness.
Policy Template Library
Information Security Management Policy Template Library
This 73-page Information Policy Manual is a critical asset for organizations defining daily operations and the associated delivery of customer services that rely on the confidentiality, integrity, and availability of information.
These policies apply to the client enterprise, or Company. Consequently, all Company employees, contractors, part-time or temporary workers, as well as those employed by others that may perform work on Company premises or have access to Company information or information systems, are subject to all policy, derived procedures, and/or guidelines contained herein.
More information on API Feed coming soon.
24-hour Hotline Access
24 Hour Help Desk Support for Your Security NeedsThe VENZA® Help Desk provides your properties with “right-time” guidance and an incident response roadmap when they need it most.
More information on the Ransomware Guarantee coming soon.
It’s Time to Act on Your Remediation PlanThe Remediation Plan is something that is extrapolated from the activities associated with the Risk Analysis Workbook. The High Risk Areas become the items that make up the Remediation efforts.
Leadership “InfoSec” Statement
Deliver the Important Message of Information SecurityCraft a message the indicates to your team how you and your organization are committed to information security and the creation of a culture of awareness.
Cyber Security Testing
Did you know there are talks within the PCI Security Standards Council about mandating pen tests annually? Level I and II merchants may be required to perform a pen test twice per year. Cyber Security Testing is a ‘hands on’ effort in which Test Operators attempt to circumvent security features of a system or network based on their understanding of the technical design and implementation. The purpose of a penetration test is to identify methods for gaining access to a system or network by using common attacker tools and techniques. Accordingly, in order to conduct a penetration test, the operator must first conduct a vulnerability assessment in order to determine exploitable targets.
*Pricing will vary dependent on size of target environment and the persistence requested for penetration testing (time to break). Consequently, we often scope and price testing engagements on a flat rate per day once we are able to gauge the size of the target environment.
Internal/External Network Assessment
Internal Targets: Internal network devices, not limited to domain controllers, infrastructure services (WINS/DHCP/DNS), servers, workstations, printers and network devices
Optional: Configuration review of the firewall and internal
Internal Attack Parameters: Unobtrusive system vulnerability scans may occur during business hours; Caution: there is potential for interruption of critical business systems
Restrictions: Internal network assessment will be conducted on-site
Will not include mainframe systems; may include both automated and manual attacks; but will not usually include exploitation of any identified vulnerabilities; password cracking is usually in the scope.
External Targets: Internet facing systems and devices
External Attack Parameters: May include both automated and manual attacks; Will usually NOT include exploitation of any identified vulnerabilities; Password cracking is usually in scope
Restrictions: Attack(s) usually limited to non-business hours
Information Risk Assessment
Information Risk Assessments set the stage for establishing the Information Technology ‘Big Picture’. The VENZA® Information Risk Assessment process is built around an ISO 17799/27001 based framework, and controls are customized according to business needs (Health Insurance Portability and Accountability Act of 1996 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Financial Services – Federal Financial Institutions Examination Council (FFIEC) & Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP), or the Payment Card Industry Data Security Standard (PCI DSS). Our inquiry will include every aspect of your organization: People, Process, and Technology.
*The cost of an Information Risk Assessment is directly related to the client’s unique requirements and maturity of their information security program.
Customized Policies & Procedures
According to requirements set by the PCI Security Standards Council, merchants must implement and document processes around their security policies. Leveraging our 73-page Information Policy Manual, VENZA® can help establish security policies and procedures for your business. Consequently, all Company employees, contractors, part-time or temporary workers, as well as those employed by others that may perform work on Company premises or have access to Company information or information systems, are subject to all policy, derived procedures, and/or guidelines contained herein.
Shared risk and shared responsibility by VENZA®. For customers maintaining an active license and high adoption rates, our Breach Protection Program will help meet the expenses resulting from a suspected or actual data breach. Designed to provide an extra layer of financial protection, our Breach Protection Program goes past standard policies and takes it one step further by covering human error. Under the program, your business is protected from financial loss, covering up to $50,000 of data breach expenses.
Attempt to bypass security controls in order to gain access to sensitive areas or information
Targets: Individual – Organization – Campus – Specific Building – or Facility
Attack Parameters: May include physical access, telephone, and email/phishing
Restrictions: Attack may be performed any time
Cyber Monitoring Alerting Service
VENZA® provides a proprietary, non-invasive, process to monitor Internet traffic originating from within client Internet domains and machines. By analyzing this client traffic against threat data collected from over 30 reputable Internet intelligence sources, we are able to generate a Cyber Risk Warning Alert direct to the client for action.
What do Cyber Risk Warning Alerts do for you?
Cyber Warning Alerts inform the client of certain monitored Internet events indicating high risk behavior from within their specific IP addresses or Internet domains. These Indications may uncover vulnerabilities or threats that are endangering the organization. For example, threat warnings may indicate that a computer from within the client’s IP address range is sending spam. Meaning that the client organization likely has a compromised machine behind their firewall. Vulnerability warnings may indicate an Internet-wide awareness of a specific client system vulnerability, thereby revealing to bad actors critical information necessary for an attack.
Known for our focus in solving for the human factor, VENZA® Security Consultants can help you to understand the real degree of exposure at your company. VENZA® Security Consultants regularly attend industry trade shows and training to stay current on the next generation of PCI Compliance, ISO and security system design technology. Call today to speak with one of our consultants regarding how to get started.