Solved

CISP  PCI Security Audit Procedures - Requirement 10 Implementation plan

Posted on 2006-07-14
8
498 Views
Last Modified: 2010-08-05
Can someone help come up with a  plan to implement specifically  REQUIREMENT 10: (Track & Monitor All acess to Network Resources and Cardholder Data ) - CISP PCI Security Audit Procedures. This requirements focuses much on logging.
0
Comment
Question by:dcanlas
8 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 150 total points
ID: 17121623
You can find the detailed requirements here: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf
This is a good start to map the more detailed steps to you environment.

Now, for building a plan to implement this: that really depends on the whole of your environment (applications, databases, application servers, which OS's, IDS, ..........).

In my opinion you just asked a much to ellaborate question to get a full response here.
I hope that someone else has the spare time to walk you through it, but I doubt that (250 points?).
You probably will need to do your homework yourself, or pay someone to do it for you.

J.
0
 

Author Comment

by:dcanlas
ID: 17125293
Addendum: Implementation Plan to 10.3 only - Record at least the following audit trail entries for each event for all system components. From 10.3.1 to 10.3.6 only.  We are using Windows Server 2003, SQL , IDS-Snort., Syslog server by Datagram.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 17126519
I was asked to chime in on this question.  Although we do follow SOX implementation and procedural review, I am not familiar with your specific request.  But there is a lot of information on this out there, including what looks like software products to help in your 'quest'.  Hopefully, someone with more experience here will come in and make suggestions.

FE
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:dcanlas
ID: 17126570
Thanks, I am actually looking for a centralized logging system that can track the ffg:
10.3.1 User Identification
10.3.2 Type of event
10.3.3 Date and Time Stamp
10.3.4 Succcess of Failure indication, including those for wireless connections
10.3.5 Origination of event
10.3.6 Identify the name of affected data, system component or resources

DC
0
 
LVL 5

Assisted Solution

by:Dbergert
Dbergert earned 100 total points
ID: 17139136
Check out and ask in www.PCIfile.org  -- there is some good info and members there that will be able to help...
0
 

Author Comment

by:dcanlas
ID: 17141647
To: Dbergert

Thanks, The site you mentioned is very useful.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSH over http/https 8 124
PCI Compliance Free scan 2 87
Looking for a network enabled locker remotely controlled like Amazon locker 2 75
Admin account lockout 10 39
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question