Page 39 - index
P. 39
To meet PCI DSS requirements 10 and 11.5, the log data generated by the network systems
has to be collected at a central place and monitored in real time to track all anomalous activities
happening on the network. IT environments consist of heterogeneous network devices, systems
and applications that generate a huge amount of log entries every day. Manually monitoring log
entries and critical files is impossible given the sheer volume of data that is generated on a daily
basis. Automation is the only solution to fulfill PCI DSS requirements 10 and 11.5.
Log Data and File Monitoring Automation Framework
Let us now discuss the log data and file monitoring automation framework that businesses can
implement to comply with PCI DSS requirements 10 and 11.5, thereby securing cardholder data
and mitigating payment card fraud.
1. Logging
Identifying the network devices and systems that will be used to store, process and transmit
card data information is the first step to attaining PCI DSS compliance. Logging should be
enabled for all network systems and devices that fall in the scope of PCI DSS, thereby
39 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide