This white paper highlights why organizations need to implement event log auditing as an integral part of their security policy to meet industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
Automated event log management for
PCI DSS compliance
A practical approach to effective network security
This white paper highlights why organizations need to implement event log auditing as an integral part of their security policy to meet industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
WWW.GFI.COM Introduction Hardware and software components on corporate networks generate a wealth of network activity information in the form of event log records. Utilizing and making sense of these records is however a slow and tedious process; one which often leads systems administrators to give up on using event logs as their primary source for network-wide security information. Today, industry standards such as the Payment Card Industry Data Security Standard (PCI DSS) have made the auditing of IT infrastructure logs a compulsory undertaking; making event log management a task that cannot be ignored or put aside anymore.
Introduction....................................................................................................................................2 The need for PCI DSS...................................................................................................................2 PCI DSS and event log auditing: What is the connection? ...........................................................3 Consequences and implications of non-compliance.....................................................................3 The aches and pains of event log management ...........................................................................4 GFI EventsManager ......................................................................................................................7 Conclusion.....................................................................................................................................7 About GFI ......................................................................................................................................8
The need for PCI DSS PCI DSS is a collection of best practice procedures that attempt a drastic reduction of credit card fraud. Its main objective is the setting in motion of a cultural shift towards a more security-centric mentality in all businesses operating within the payment card industry. This need arises from the fact that credit card fraud has sky-rocketed in the last few years, leading to an astounding financial loss of $3028.8 million in the US alone in 2006 (ePaynews.com, 2006). The rise in fraud levels is fuelled by 3 factors:
1. The availability and sheer simplicity of e-commerce, which conveniently overcomes geographical boundaries and, often, any protection offered by local laws and regulations.
2. The high availability of "plastic money" for consumer purchases in all industrialized nations. 3. Substandard security practices implemented by merchants and merchant service providers that store, process and transmit unprotected payment card details without taking precautions against whoever might tap into this information.
To counter credit/debit card fraud, the 5 major card companies (Visa International, MasterCard Worldwide, American Express, JCB and Discover Financial Services) designed a strong security framework to reinforce payment card transaction security. The result of their efforts was the Payment Card Industry Data Security Standard (PCI DSS).
WWW.GFI.COM Automated event log management for PCI DSS compliance . 3
PCI DSS compliance is today the irrefutable responsibility of all businesses handling cardholder data including retail, mail orders, telephone orders and e-commerce - irrespective of business size.
PCI DSS and event log auditing: What is the connection? Swiping a credit card at a merchant's shop or clicking the 'purchase' button on an e-commerce website triggers a number of background processes (e.g. transaction validation process) - all of which generate event log entries on servers, security applications, hardware components and lots of other places across the network. Similarly, classic computer attacks and hacks such as dictionary and brute force password attacks generate event log entries in the security logs of your IT infrastruc... [download for more]
