allowing IT security professionals to track and monitor all access to network resources
and cardholder data. The logging needed to meet the PCI DSS requirements has to be
enabled on every system that falls within the PCI DSS scope.
2. Central Log Aggregation
PCI DSS compliance requires enterprises to collect log data from network systems at a
centralized place for effective reporting, security and analysis. IT security managers should
have a universal log collection tool that can aggregate logs from heterogeneous sources —
including Windows systems, Unix/Linux systems, applications, databases, routers and
switches — at a central location.
3. Continuous Log Reviewing
Monitoring log data is not a one-time task that keeps you compliant with PCI DSS. IT
security professionals should review their log data continuously to detect anomalous
security events. Log analysis tools should be deployed so that actionable security data is
presented in graphs and charts on a dashboard. IT security managers should be able to
quickly drill down into the data on the dashboard and perform a root cause analysis to
identify why a security event occurred.
4. Log Retention
Log data collected from all network systems must be stored for one year, per PCI DSS
compliance requirements. Enterprises should archive, in a central repository, all log data
generated by network systems, devices and applications within their PCI DSS scope.
Archived log data should be easily accessible for forensic investigation, so that security
professionals can drill down into the log data and perform root cause analysis to identify
the activity that caused the incident.
5. Log Protection
PCI DSS compliance mandates protection of log data to avoid tampering and deletion.
Enterprises should encrypt the log data files to ensure that the log data is secured for future
forensic analysis as well as compliance or internal audits. Hashing and time stamping can
also be used to secure the log data and make it tamperproof. Log data can also be
protected by using file integrity monitoring (FIM) solutions, as discussed in the next point.
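The hashing and time stamping described above, shown as an added example (not from the magazine or any vendor's product): each archived record is time stamped and carries a keyed SHA-256 hash that covers the previous record's hash, so editing, deleting or reordering any record breaks the chain from that point on. The key and the sample log lines are constructed for the demonstration; a keyed HMAC is used instead of a bare hash so that someone with write access to the archive but not to the key cannot recompute the chain.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample events standing in for logs collected from a PCI DSS in-scope host.
SAMPLE_EVENTS = [
    "2014-10-02T09:15:01Z pos-db01 sshd: Accepted publickey for dba from 10.0.5.20",
    "2014-10-02T09:15:44Z pos-db01 sudo: dba : COMMAND=/usr/bin/mysqldump cardholder",
    "2014-10-02T09:16:10Z pos-db01 audit: /etc/pci/hsm.conf modified by dba",
]

GENESIS = "0" * 64  # chain anchor used before the first record exists


def _mac(key, prev, stamp, event):
    """Keyed SHA-256 over the previous hash, the archive timestamp and the event text."""
    return hmac.new(key, f"{prev}|{stamp}|{event}".encode(), hashlib.sha256).hexdigest()


def seal_log(events, key):
    """Turn plain log lines into a hash chain of time-stamped, keyed records."""
    chain = []
    prev = GENESIS
    for seq, event in enumerate(events):
        stamp = datetime.now(timezone.utc).isoformat()  # time the record entered the archive
        digest = _mac(key, prev, stamp, event)
        chain.append({"seq": seq, "stamped_at": stamp, "event": event, "prev": prev, "mac": digest})
        prev = digest
    return chain


def verify_log(chain, key):
    """Return (True, None) if the chain is intact, else (False, seq of the first bad record).

    A record fails if its sequence number or back-link does not match (gap, reorder,
    deletion) or if its MAC no longer matches its content (edit in place, wrong key).
    """
    prev = GENESIS
    for expected_seq, rec in enumerate(chain):
        if rec["seq"] != expected_seq or rec["prev"] != prev:
            return False, expected_seq
        digest = _mac(key, prev, rec["stamped_at"], rec["event"])
        if not hmac.compare_digest(digest, rec["mac"]):
            return False, expected_seq
        prev = digest
    return True, None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice: held by the log server, not the logged hosts
    sealed = seal_log(SAMPLE_EVENTS, key)
    print("intact archive:", verify_log(sealed, key))
    sealed[1]["event"] = sealed[1]["event"].replace("cardholder", "test_db")
    print("edited record :", verify_log(sealed, key))
```

The same hash-and-compare step, run against a baseline of file digests rather than a log chain, is what the file integrity monitoring tools in the next point perform.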
6. Monitoring File Integrity
PCI DSS compliance dictates that enterprises use change-detection mechanisms such as
file integrity monitoring tools to protect all sensitive data related to customers' payment
cards. Security professionals need to centrally track all changes to their files and folders,
such as when files and folders are created, accessed, viewed, deleted, modified or
renamed. File integrity monitoring tools allow IT security managers to make quick
40 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide