Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

CISP  PCI Security Audit Procedures - Requirement 10 Implementation plan

Posted on 2006-07-14
8
Medium Priority
?
504 Views
Last Modified: 2010-08-05
Can someone help come up with a  plan to implement specifically  REQUIREMENT 10: (Track & Monitor All acess to Network Resources and Cardholder Data ) - CISP PCI Security Audit Procedures. This requirements focuses much on logging.
0
Comment
Question by:dcanlas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 450 total points
ID: 17121623
You can find the detailed requirements here: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf
This is a good start to map the more detailed steps to you environment.

Now, for building a plan to implement this: that really depends on the whole of your environment (applications, databases, application servers, which OS's, IDS, ..........).

In my opinion you just asked a much to ellaborate question to get a full response here.
I hope that someone else has the spare time to walk you through it, but I doubt that (250 points?).
You probably will need to do your homework yourself, or pay someone to do it for you.

J.
0
 

Author Comment

by:dcanlas
ID: 17125293
Addendum: Implementation Plan to 10.3 only - Record at least the following audit trail entries for each event for all system components. From 10.3.1 to 10.3.6 only.  We are using Windows Server 2003, SQL , IDS-Snort., Syslog server by Datagram.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 17126519
I was asked to chime in on this question.  Although we do follow SOX implementation and procedural review, I am not familiar with your specific request.  But there is a lot of information on this out there, including what looks like software products to help in your 'quest'.  Hopefully, someone with more experience here will come in and make suggestions.

FE
0
WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

 

Author Comment

by:dcanlas
ID: 17126570
Thanks, I am actually looking for a centralized logging system that can track the ffg:
10.3.1 User Identification
10.3.2 Type of event
10.3.3 Date and Time Stamp
10.3.4 Succcess of Failure indication, including those for wireless connections
10.3.5 Origination of event
10.3.6 Identify the name of affected data, system component or resources

DC
0
 
LVL 5

Assisted Solution

by:Dbergert
Dbergert earned 300 total points
ID: 17139136
Check out and ask in www.PCIfile.org  -- there is some good info and members there that will be able to help...
0
 

Author Comment

by:dcanlas
ID: 17141647
To: Dbergert

Thanks, The site you mentioned is very useful.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question