Link to home
Start Free TrialLog in
Avatar of dcanlas
dcanlas

asked on

CISP PCI Security Audit Procedures - Requirement 10 Implementation plan

Can someone help come up with a  plan to implement specifically  REQUIREMENT 10: (Track & Monitor All acess to Network Resources and Cardholder Data ) - CISP PCI Security Audit Procedures. This requirements focuses much on logging.
ASKER CERTIFIED SOLUTION
Avatar of PowerIT
PowerIT
Flag of Belgium image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dcanlas
dcanlas

ASKER

Addendum: Implementation Plan to 10.3 only - Record at least the following audit trail entries for each event for all system components. From 10.3.1 to 10.3.6 only.  We are using Windows Server 2003, SQL , IDS-Snort., Syslog server by Datagram.
Avatar of Fatal_Exception
Fatal_Exception
Flag of United States of America image
I was asked to chime in on this question.  Although we do follow SOX implementation and procedural review, I am not familiar with your specific request.  But there is a lot of information on this out there, including what looks like software products to help in your 'quest'.  Hopefully, someone with more experience here will come in and make suggestions.

FE
Avatar of dcanlas
dcanlas

ASKER

Thanks, I am actually looking for a centralized logging system that can track the ffg:
10.3.1 User Identification
10.3.2 Type of event
10.3.3 Date and Time Stamp
10.3.4 Succcess of Failure indication, including those for wireless connections
10.3.5 Origination of event
10.3.6 Identify the name of affected data, system component or resources

DC
SOLUTION
Avatar of Dbergert
Dbergert
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dcanlas
dcanlas

ASKER

To: Dbergert

Thanks, The site you mentioned is very useful.