






Be Audit-Ready for PCI DSS 3.0 Compliance by Monitoring Log Data and Critical Files in Real Time

By Joel John Fernandes, Senior Product Marketing Analyst, ManageEngine



PCI DSS 3.0 compliance has gained worldwide acceptance by card service providers — card
issuers, banks and merchants — that plan to protect their customers’ cardholder data from
being misused. PCI DSS 3.0 has 12 security requirements concerning the protection of
cardholder data. All businesses that accept, store, process or transmit customers’ card data
either online or offline have to adhere to those requirements.

PCI DSS requirements 10 and 11.5 are considered to be the most challenging to fulfill for
securing and protecting customers’ payment card data from threats. Below are the descriptions
for requirements 10 and 11.5 as found on the PCI Security Standards Council web site.




Requirement 10: Track and monitor all access to network resources and cardholder
data. Logging mechanisms and the ability to track user activities are critical in
preventing, detecting or minimizing the impact of a data compromise. The presence of
logs in all environments allows thorough tracking, alerting and analysis when something
does go wrong. Determining the cause of a compromise is very difficult, if not
impossible, without system activity logs.




Requirement 11.5: Deploy a change-detection mechanism (for example, file-integrity
monitoring tools) to alert personnel to unauthorized modification of critical system files,
configuration files or content files; and configure the software to perform critical file
comparisons at least weekly.

PCI DSS requirement 10 pushes enterprises to gain security intelligence to know the “who,
what, where and when” of users accessing the network resources and cardholder data, whereas
PCI DSS requirement 11.5 focuses on the protection of critical files from unauthorized access.
In simple terms, PCI DSS requirements 10 and 11.5 are put in place so that enterprises can
easily analyze the complete user audit trail to identify:




• Who is logging into their systems
• When they logged into the systems
• What activities they carried out on the systems
• Whether they accessed system files and other network resources



38 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
