Many organizations have disparate networks and must manually track each system's log files in order to comply with PCI DSS. Sifting through system logs individually is not only extremely time-consuming, it is also a major drain on IT, especially when you need to determine the cause of a compromise. Organizations have to track and monitor all access to network resources and cardholder data, including real-time, daily and active events. Beyond managing these logs, most organizations lack a good policy that addresses the various types of information being logged, and have no way of sustaining the integrity of the logged data. When it comes to access to credit card data, organizations should not only have audit trails in place, they should also restrict this kind of sensitive information to people who absolutely need to know it.
How to pass PCI Requirement 10
Even though log and event data analysis is directly specified in the PCI DSS, monitoring events is simply good practice for any organization. In an average information systems environment, event data is distributed, very large and at times hard to decipher. Most operating systems have built-in utilities that analyze events, but they offer only basic features. Consequently, there is often no way for IT personnel to be alerted when specific critical events are logged, such as unauthorized access to cardholder information. For the most part, the event browsing and filtering capabilities provided by these tools are limited.
However, there are a number of impressive software- and hardware-based security information management (SIM) products that provide comprehensive log management. SIM tools can centralize events, automate the aggregation and correlation of event data, issue alerts and provide extremely detailed reporting capabilities. While aggregating events, SIMs not only help establish a baseline of normal network activity, they also provide built-in rules to categorize events, triggering alerts and procedures as a result. Many security information management products also ship with default rule sets that classify events according to PCI requirements.
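To make the centralize-correlate-alert loop concrete, here is an added example (not code from the article or any SIM product) that normalizes constructed log lines from a web host and a card database, applies two Requirement 10-style rules (a read of the cardholder table by an account outside a hypothetical need-to-know list, and repeated authentication failures), and hash-chains the raw records so that later tampering with the audit trail is detectable. The log format, host names, account names and the CARDHOLDER_ALLOWED list are all assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample events from two hosts (web front end and card database); not real logs.
SAMPLE_LOGS = [
    "2024-05-01T09:00:01Z web01 auth user=alice result=SUCCESS src=10.1.1.5",
    "2024-05-01T09:00:07Z db01 access user=alice table=cardholder action=SELECT",
    "2024-05-01T09:01:12Z web01 auth user=mallory result=FAIL src=198.51.100.9",
    "2024-05-01T09:01:15Z web01 auth user=mallory result=FAIL src=198.51.100.9",
    "2024-05-01T09:01:19Z web01 auth user=mallory result=FAIL src=198.51.100.9",
    "2024-05-01T09:02:30Z db01 access user=bob table=cardholder action=SELECT",
]
# Hypothetical need-to-know list: the only accounts permitted to read cardholder data.
CARDHOLDER_ALLOWED = {"alice"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")

def parse(line):
    """Normalize one raw line into a dict: timestamp, host, event type, key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, kind, rest = m.groups()
    return {"ts": ts, "host": host, "type": kind, **dict(kv.split("=", 1) for kv in rest.split())}

def correlate(lines, fail_threshold=3):
    """Aggregate events across hosts and apply two Requirement 10-style alert rules."""
    alerts, fails = [], defaultdict(int)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        # Rule 1: any read of the cardholder table by an account outside the need-to-know list.
        if ev["type"] == "access" and ev.get("table") == "cardholder" and ev.get("user") not in CARDHOLDER_ALLOWED:
            alerts.append(("UNAUTHORIZED_CHD_ACCESS", ev.get("user"), ev["ts"]))
        # Rule 2: repeated authentication failures for one account (fires once, at the threshold).
        if ev["type"] == "auth" and ev.get("result") == "FAIL":
            fails[ev.get("user")] += 1
            if fails[ev.get("user")] == fail_threshold:
                alerts.append(("REPEATED_AUTH_FAILURE", ev.get("user"), ev["ts"]))
    return alerts

def hash_chain(lines):
    """Chain each raw record into the previous SHA-256 digest; any later edit changes the result."""
    digest = "0" * 64
    for line in lines:
        digest = hashlib.sha256((digest + line).encode()).hexdigest()
    return digest

def verify_chain(lines, expected_digest):
    """Recompute the chain over the stored records and compare with the digest recorded earlier."""
    return hash_chain(lines) == expected_digest
```

Storing the chain digest somewhere the logging host cannot write to (a separate log server or write-once media) is what turns verify_chain into a meaningful integrity check.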
ABOUT THE AUTHOR:
Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via email@example.com.