Solved

CISP  PCI Security Audit Procedures - Requirement 10 Implementation plan

Posted on 2006-07-14
8
496 Views
Last Modified: 2010-08-05
Can someone help come up with a  plan to implement specifically  REQUIREMENT 10: (Track & Monitor All acess to Network Resources and Cardholder Data ) - CISP PCI Security Audit Procedures. This requirements focuses much on logging.
0
Comment
Question by:dcanlas
8 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 150 total points
ID: 17121623
You can find the detailed requirements here: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf
This is a good start to map the more detailed steps to you environment.

Now, for building a plan to implement this: that really depends on the whole of your environment (applications, databases, application servers, which OS's, IDS, ..........).

In my opinion you just asked a much to ellaborate question to get a full response here.
I hope that someone else has the spare time to walk you through it, but I doubt that (250 points?).
You probably will need to do your homework yourself, or pay someone to do it for you.

J.
0
 

Author Comment

by:dcanlas
ID: 17125293
Addendum: Implementation Plan to 10.3 only - Record at least the following audit trail entries for each event for all system components. From 10.3.1 to 10.3.6 only.  We are using Windows Server 2003, SQL , IDS-Snort., Syslog server by Datagram.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 17126519
I was asked to chime in on this question.  Although we do follow SOX implementation and procedural review, I am not familiar with your specific request.  But there is a lot of information on this out there, including what looks like software products to help in your 'quest'.  Hopefully, someone with more experience here will come in and make suggestions.

FE
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:dcanlas
ID: 17126570
Thanks, I am actually looking for a centralized logging system that can track the ffg:
10.3.1 User Identification
10.3.2 Type of event
10.3.3 Date and Time Stamp
10.3.4 Succcess of Failure indication, including those for wireless connections
10.3.5 Origination of event
10.3.6 Identify the name of affected data, system component or resources

DC
0
 
LVL 5

Assisted Solution

by:Dbergert
Dbergert earned 100 total points
ID: 17139136
Check out and ask in www.PCIfile.org  -- there is some good info and members there that will be able to help...
0
 

Author Comment

by:dcanlas
ID: 17141647
To: Dbergert

Thanks, The site you mentioned is very useful.
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now