CISP  PCI Security Audit Procedures - Requirement 10 Implementation plan

Posted on 2006-07-14
Last Modified: 2010-08-05
Can someone help come up with a plan to implement specifically REQUIREMENT 10: (Track & Monitor All Access to Network Resources and Cardholder Data) - CISP PCI Security Audit Procedures. This requirement focuses much on logging.
0
Comment
Question by:dcanlas
8 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 450 total points
ID: 17121623
You can find the detailed requirements here: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf
This is a good start to map the more detailed steps to your environment.

Now, for building a plan to implement this: that really depends on the whole of your environment (applications, databases, application servers, which OS's, IDS, ..........).

In my opinion you just asked a much too elaborate question to get a full response here.
I hope that someone else has the spare time to walk you through it, but I doubt that (250 points?).
You probably will need to do your homework yourself, or pay someone to do it for you.

J.
0
 

Author Comment

by:dcanlas
ID: 17125293
Addendum: Implementation Plan to 10.3 only - Record at least the following audit trail entries for each event for all system components. From 10.3.1 to 10.3.6 only. We are using Windows Server 2003, SQL, IDS-Snort, Syslog server by Datagram.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 17126519
I was asked to chime in on this question.  Although we do follow SOX implementation and procedural review, I am not familiar with your specific request.  But there is a lot of information on this out there, including what looks like software products to help in your 'quest'.  Hopefully, someone with more experience here will come in and make suggestions.

FE
0

Author Comment

by:dcanlas
ID: 17126570
Thanks, I am actually looking for a centralized logging system that can track the following:
10.3.1 User Identification
10.3.2 Type of event
10.3.3 Date and Time Stamp
10.3.4 Success or Failure indication, including those for wireless connections
10.3.5 Origination of event
10.3.6 Identify the name of affected data, system component or resources

DC
0
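An added example (not part of the thread and not any poster's code): a check a central collector could run to confirm that each incoming record carries the six elements listed in 10.3.1 to 10.3.6, and to report which ones are missing. The key=value line format, the key names and the sample lines are constructed assumptions, not the native output of Windows, SQL Server, Snort or the Datagram syslog server.

```python
import shlex
from datetime import datetime
# PCI 10.3.x element -> key in a normalized record (key names are hypothetical).
REQUIRED = {
    "10.3.1": "user",      # user identification
    "10.3.2": "event",     # type of event
    "10.3.3": "ts",        # date and time stamp
    "10.3.4": "outcome",   # success or failure indication
    "10.3.5": "origin",    # origination of event
    "10.3.6": "resource",  # affected data, system component or resource
}

def parse_line(line):
    """Split a key=value line (values may be double-quoted) into a dict."""
    record = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            record[key] = value
    return record

def is_usable(key, value):
    """Reject empty/placeholder values, unparseable timestamps, vague outcomes."""
    if value in ("", "-", "N/A"):
        return False
    if key == "ts":
        try:
            datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            return False
    if key == "outcome":
        return value.lower() in ("success", "failure")
    return True

def audit_gaps(line):
    """Return the 10.3.x elements a log line fails to supply, in order."""
    record = parse_line(line)
    return [req for req, key in REQUIRED.items() if not is_usable(key, record.get(key, ""))]

# Constructed sample lines, one per source named in the thread.
SAMPLE = [
    'ts=2006-07-14T09:15:02 src=winsec user=jdoe event="logon failure" outcome=failure origin=10.0.0.23 resource=SRV-DB01',
    'ts=2006-07-14T09:15:05 src=snort event="portscan alert" origin=10.0.0.99 resource=10.0.0.5',
    'ts=14/07/2006 src=sql user=appsvc event=select outcome=success origin=APP01 resource=-',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit_gaps(line) or "complete", "<-", line[:40])
```

Running the gap check per source before rollout shows which feeds need enrichment at the collector, such as the constructed IDS line here that carries no user or outcome field.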
 
LVL 5

Assisted Solution

by:Dbergert
Dbergert earned 300 total points
ID: 17139136
Check out and ask in www.PCIfile.org  -- there is some good info and members there that will be able to help...
0
 

Author Comment

by:dcanlas
ID: 17141647
To: Dbergert

Thanks, the site you mentioned is very useful.
0

Question has a verified solution.