Configuring Log Event Source Series – HP UX
Welcome to another post in the series of configuration instructions for enabling monitored systems to send their system logs to a central logging server. This installment covers HP-UX.
In the face of an ever-growing list of compliance frameworks, IT organizations operating on already stretched budgets are desperate for relief. Regulations covering Personally Identifiable Information (PII), cardholder data (CHD) and patient health information all push organizations toward a segregated environment for storing and transmitting sensitive data. Who can afford THAT?
Tackling the log management requirements in Requirement 10 of the PCI DSS can be greatly simplified by using Intersect Alliance's SNARE software (an acronym for System iNtrusion Analysis and Reporting Environment). SNARE is a comprehensive event log management toolkit, designed to collect and report on activity from within a monitored system.
Exactly which settings need to be enabled in the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS Requirements 10.2.x? Understanding all of the individual event IDs associated with each Windows audit policy category is the first step in answering that question. After a bit of digging (thank goodness for Google) I found the answer. Both articles provide great detail on each event ID and how to align it with the PCI requirements for auditing:
Since the Special Interest Group (SIG) addressing the impact of virtualization on PCI compliance has yet to publish its guidance, reaction has been mixed as to whether or not virtualization SHOULD be used in the cardholder data environment.
I have had many questions on the topic of compliance for Level 2 PCI merchants that are transitioning from a Self-Assessment Questionnaire (SAQ) to an on-site audit with a Report on Compliance (ROC). Many are concerned that they are non-compliant with a number of the controls and want to know what they should do and what risks they face.
PCI Compliance Adoption Rates. Visa's latest report (updated as of June 30, 2010) on the percentage of the current merchant and service provider population validated as PCI compliant shows that most companies have now achieved compliance with the PCI Data Security Standard (DSS).
So I'll admit I'm relatively new to the PCI compliance arena. That said, I've been working with technology and financial companies for the last 15 years, and while I've seen topics come and go, PCI compliance is here to stay. I've noticed some commonalities among the folks I've spoken with recently and wanted to share some of my favorites.
The Payment Card Industry Data Security Standard, or PCI DSS, provides a well-defined list of security requirements, but many organizations are left with more questions than answers when it comes to determining how best to address each requirement in a manner that an assessor will consider acceptable for PCI compliance.
Maintaining network documentation for PCI compliance. The PCI Data Security Standard (PCI DSS) is a set of roughly 200 prescriptive technical and process-centric requirements intended to help organizations proactively secure credit card data. Entities that store, process or transmit credit card data, including merchants, service providers and card issuers of all sizes, are required to comply with the PCI DSS.