
Strategies for success -- PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data

19 Sep 2007 | SearchSecurity.com


Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Individually sifting through system logs can not only be an extremely time-consuming process, but the task can also be a major drain on IT, especially when you need to determine the cause of a compromise. Organizations have to track and monitor all access to network resources and cardholder data, including real-time, daily and active events. Aside from managing these logs, most organizations don't have a good policy that addresses the various types of information being logged, and companies have no way of sustaining the integrity of the logged data. When it comes to having access to credit card data, organizations should not only have audit trails in place, but they should also only provide this kind of sensitive information to people who absolutely need to know it.

How to pass PCI Requirement 10
Even though log and event data analysis is directly specified in the PCI DSS, monitoring events is simply good practice for any organization. In an average information systems environment, event data is distributed, very large and at times hard to decipher. Most operating systems, by default, have utilities that analyze events, but they only offer basic features. Consequently, there is often no way for IT personnel to be alerted when specific critical events are logged, such as the unauthorized access of cardholder information. For the most part, the event browsing and filtering capabilities provided by these tools are restricted.

However, there are a number of impressive software- and hardware-based security information management (SIM) products that provide comprehensive log management. SIM tools can centralize events, automate the aggregation and correlation of event data, issue alerts and provide extremely detailed reporting capabilities. While aggregating events, SIMs not only assist in creating a baseline of normal network activity, but also provide built-in rules to categorize those events, triggering alerts and procedures as a result. Many security information management products also provide default rule sets that classify events according to PCI requirements.
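To make the centralize, correlate and alert steps concrete, the following added example (not from the original article or from any SIM product) merges constructed logs from three hosts into one hash-chained stream, so that later edits are detectable, and applies two rules. The field names, the `NEED_TO_KNOW` list and the failure threshold are assumptions chosen for illustration.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample events, one list per host; field names are assumptions.
WEB01 = [
    {"ts": "2007-09-19T02:10:05", "host": "web01", "user": "mallory", "action": "logon_failed", "object": "-"},
    {"ts": "2007-09-19T02:10:09", "host": "web01", "user": "mallory", "action": "logon_failed", "object": "-"},
]
APP01 = [{"ts": "2007-09-19T02:10:07", "host": "app01", "user": "mallory", "action": "logon_failed", "object": "-"}]
DB01 = [
    {"ts": "2007-09-19T01:00:00", "host": "db01", "user": "svc_billing", "action": "read", "object": "cardholder_data"},
    {"ts": "2007-09-19T02:11:30", "host": "db01", "user": "webadmin", "action": "read", "object": "cardholder_data"},
]
NEED_TO_KNOW = {"svc_billing"}  # hypothetical accounts allowed to read card data

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

def centralize(*sources):
    """Merge per-host logs into one time-ordered, hash-chained record list."""
    records, prev = [], "0" * 64
    for event in sorted((e for s in sources for e in s), key=lambda e: (e["ts"], e["host"])):
        prev = _digest(prev, event)
        records.append({"event": event, "hash": prev})
    return records

def first_tampered(records):
    """Return the index of the first record whose hash no longer matches, else None."""
    prev = "0" * 64
    for i, rec in enumerate(records):
        if _digest(prev, rec["event"]) != rec["hash"]:
            return i
        prev = rec["hash"]
    return None

def alerts(records, failed_threshold=3):
    """Flag card-data access outside need-to-know and logon failures spread across hosts."""
    out, failures = [], defaultdict(list)
    for rec in records:
        e = rec["event"]
        if e["object"] == "cardholder_data" and e["user"] not in NEED_TO_KNOW:
            out.append(("unauthorized_cardholder_access", e["user"], e["host"]))
        if e["action"] == "logon_failed":
            failures[e["user"]].append(e["host"])
    for user, hosts in failures.items():
        if len(hosts) >= failed_threshold and len(set(hosts)) > 1:
            out.append(("distributed_logon_failures", user, tuple(sorted(set(hosts)))))
    return out
```

The chain only proves integrity if the latest hash is also kept somewhere the logged systems cannot write to; otherwise anyone who can edit the records can recompute the chain.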



ABOUT THE AUTHOR:
Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via canvip@yahoo.com.

