Case Study: Carlson achieves stronger PCI compliance and deeper vulnerability detection with NetSPI

A NetSPI Case Study

Preview of the Carlson Case Study

Carlson Companies Uses NetSPI as part of a Comprehensive Approach to Information Security

Carlson, a global group of travel, hotel, restaurant and marketing companies (brands include Radisson Hotels and T.G.I. Friday’s), needed to meet rigorous information-security and privacy obligations—most notably a Visa Level 1 PCI assessment requiring an in-depth third-party evaluation. To satisfy PCI, HIPAA and other standards in a complex, distributed environment, Carlson engaged NetSPI as a Qualified Security Assessor (QSA) to perform PCI assessments, firewall reviews and penetration testing.

NetSPI conducted detailed firewall analysis—creating a taxonomy of rules, removing overlapping/inactive entries, and driving remediation workflows—and delivered network and application penetration testing using a methodology that combines tools and extensive manual review (80% of high/severe findings were discovered manually). NetSPI’s work produced granular, actionable findings that helped Carlson remediate risk, improve compliance with Level 1 PCI requirements, streamline firewall management and increase operational efficiency, while costing less than other QSAs.



Carlson

Kathy Orner

Vice President and Chief Information Security Officer

