Solved

CISP  PCI Security Audit Procedures - Requirement 10 Implementation plan

Posted on 2006-07-14
Last Modified: 2010-08-05
Can someone help come up with a plan to implement specifically REQUIREMENT 10: (Track & Monitor All Access to Network Resources and Cardholder Data) - CISP PCI Security Audit Procedures. This requirement focuses much on logging.
Question by:dcanlas
 
LVL 18

Accepted Solution

by:
PowerIT earned 150 total points
You can find the detailed requirements here: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf
This is a good start to map the more detailed steps to your environment.

Now, for building a plan to implement this: that really depends on the whole of your environment (applications, databases, application servers, which OS's, IDS, ..........).

In my opinion you just asked a much too elaborate question to get a full response here.
I hope that someone else has the spare time to walk you through it, but I doubt that (250 points?).
You probably will need to do your homework yourself, or pay someone to do it for you.

J.
0
 

Author Comment

by:dcanlas
Addendum: Implementation Plan to 10.3 only - Record at least the following audit trail entries for each event for all system components. From 10.3.1 to 10.3.6 only. We are using Windows Server 2003, SQL, IDS-Snort, Syslog server by Datagram.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
I was asked to chime in on this question.  Although we do follow SOX implementation and procedural review, I am not familiar with your specific request.  But there is a lot of information on this out there, including what looks like software products to help in your 'quest'.  Hopefully, someone with more experience here will come in and make suggestions.

FE
0

 

Author Comment

by:dcanlas
Thanks, I am actually looking for a centralized logging system that can track the following:
10.3.1 User Identification
10.3.2 Type of event
10.3.3 Date and Time Stamp
10.3.4 Success or Failure indication, including those for wireless connections
10.3.5 Origination of event
10.3.6 Identify the name of affected data, system component or resources

DC
0
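Added example, not part of the thread and not code from any poster or product: a completeness check that maps each record in a central log store to the six 10.3.x elements listed above and reports which ones are missing. The key=value record layout, the field names (`user`, `event`, `ts`, `outcome`, `origin`, `resource`) and the ISO 8601 timestamp rule are assumptions of this example; the sample lines are constructed.

```python
import shlex
from datetime import datetime

# PCI 10.3.x element -> field name in this example's assumed record layout
REQUIRED = {
    "10.3.1": "user",      # user identification
    "10.3.2": "event",     # type of event
    "10.3.3": "ts",        # date and time stamp
    "10.3.4": "outcome",   # success or failure indication
    "10.3.5": "origin",    # origination of event
    "10.3.6": "resource",  # affected data, system component or resource
}

def parse_line(line):
    """Split 'key=value key="quoted value"' pairs into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def valid_ts(value):
    """Assumption: the collector normalizes timestamps to ISO 8601 with offset."""
    try:
        datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")
        return True
    except ValueError:
        return False

def missing_elements(record):
    """Return the 10.3.x ids that a parsed record does not satisfy."""
    gaps = []
    for req, field in REQUIRED.items():
        value = record.get(field, "").strip()
        if value in ("", "-"):                       # absent or placeholder
            gaps.append(req)
        elif field == "ts" and not valid_ts(value):  # present but not normalized
            gaps.append(req)
        elif field == "outcome" and value.lower() not in ("success", "failure"):
            gaps.append(req)
    return gaps

def audit(lines):
    """Map each line number (1-based) to its list of missing 10.3.x elements."""
    return {n: missing_elements(parse_line(l)) for n, l in enumerate(lines, 1)}

# Constructed sample lines, not taken from any real system
SAMPLE = [
    'ts=2006-07-14T09:15:02+0000 user=jsmith event=logon outcome=success origin=10.1.2.30 resource="SQL instance db01"',
    'ts=2006-07-14T09:16:40+0000 user=- event=logon outcome=failure origin=10.1.2.31 resource="SQL instance db01"',
    'ts="Jul 14 09:17:11" event=alert origin=10.1.2.99 resource=web01',
]

if __name__ == "__main__":
    for n, gaps in audit(SAMPLE).items():
        print(n, "complete" if not gaps else "missing " + ", ".join(gaps))
```

Running a check like this over a sample from each source (Windows, SQL, Snort) shows which sources need extra fields configured before their events satisfy 10.3.1 to 10.3.6.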
 
LVL 5

Assisted Solution

by:Dbergert
Dbergert earned 100 total points
Check out and ask in www.PCIfile.org  -- there is some good info and members there that will be able to help...
0
 

Author Comment

by:dcanlas
To: Dbergert

Thanks, the site you mentioned is very useful.
0
