One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 1892289
Publication date: 2020-09-01 11:00:00 (viewed: 2020-09-01 11:12:37)
Title: PCI DSS logging requirements explained
Text: This blog was written by an independent guest blogger.

As a consumer, I feel more confident about using my credit card online and in brick-and-mortar stores when I know retailers are being careful about PCI DSS compliance. Breached financial credentials can wreak havoc not only on the lives of consumers, but also on the well-being of merchant businesses.

I think the PCI DSS is an excellent example of how security standards can be improved when organizations cooperate and collaborate. Prior to the first version of PCI DSS in December 2004, Visa, MasterCard, American Express, Discover, and JCB each had their own separate card processing security standards. Imagine being a retailer taking those multiple methods of payment and having different compliance standards for each one! So the invention of PCI DSS made payment security simpler for business.

Still, there’s a lot retailers and restaurants should know about PCI DSS’s logging requirements. Fortunately, you’ve found a quick guide which should make the logging requirements easier to understand. While you’re here, I also recommend finding answers to any questions you may have on the PCI Security Standards website. So, let’s get started! Here’s what you need to know to help make PCI DSS compliance easy as far as logging requirements are concerned.

8 tips for PCI DSS requirements

1. Always keep PCI DSS Requirement 10 in mind: track and monitor all access to network resources and cardholder data! This is the Golden Rule of PCI DSS logging compliance. Let it be the motto that guides all of the other details. If you ever wonder whether a network vector or any component of your point of sale (POS) system should be logged, it’s better to log everything than not to log enough. There are log analysis tools and SIEM systems you can route all of your network logs through to help make thorough logging manageable, whether your networks are on premises, in the cloud, or a hybrid. Absolutely all actions in your network should be recorded and attributable to a specific user or process.

2. Protect access to your logs. Only administrators should be able to view or make any changes to your logs and audit trails. And everything an administrator does in your POS systems and other networks should also be logged and attributable to them. If any user who isn’t an administrator can view or modify your logs, the integrity of your POS data will be at risk unnecessarily.

3. Each user in your networks must have a unique username. Do not let more than one human being share a user account or username in your network. If any action a person conducts in your networks can’t be attributed to a specific individual, PCI DSS compliance audits will likely fail.

4. Examine your logs on a regular basis. Otherwise, you cannot be sure of the integrity and reliability of your logging. You could fulfill this requirement by having a specifically trained person look at your logs manually, but it’d likely be more effective to use automated tools for log analysis and event monitoring. Plus, your organization will be better able to prevent cyber incidents before they can do harm to your POS systems and your retail organization as a whole.

5. Timing is everything. Therefore, you must make sure that the clocks which guide your systems and applications are set accurately. The timestamps in your logs are based on the time set in your applications and devices. Proper system configuration can adjust automatically for events like the start and end of daylight saving time. Whether a customer makes a purchase, or an unauthorized user tries to access your sensitive POS data, you must know exactly when it happened in order to have logs which me
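As an added example (not code from the original post or from AlienVault), a small Python review pass that applies the points above to constructed JSON audit events: every event must be complete and attributable to a named user, timestamps must carry a timezone, generic shared logins are flagged, and log viewing or modification by anyone outside the administrator group is flagged. The field names, the administrator group and the generic-account list are assumptions.

```python
import json
from datetime import datetime

# Constructed sample events, modelled as JSON lines a POS/SIEM pipeline might emit.
SAMPLE_LOG = """
{"ts": "2020-09-01T11:00:03+00:00", "user": "cashier-17", "action": "sale.create", "target": "register-3", "outcome": "success"}
{"ts": "2020-09-01T11:00:09+00:00", "user": "admin", "action": "log.modify", "target": "auditd.conf", "outcome": "success"}
{"ts": "2020-09-01 11:00:12", "user": "svc-batch", "action": "card.query", "target": "pan-db", "outcome": "success"}
{"ts": "2020-09-01T11:00:20+00:00", "user": "", "action": "card.export", "target": "pan-db", "outcome": "failure"}
{"ts": "2020-09-01T11:00:25+00:00", "user": "cashier-17", "action": "log.view", "target": "audit-trail", "outcome": "success"}
"""

REQUIRED = ("ts", "user", "action", "target", "outcome")   # hypothetical field names
LOG_ACTION_PREFIX = "log."               # viewing or changing logs is reserved for administrators
ADMIN_USERS = {"admin", "alice-admin"}   # hypothetical administrator group
GENERIC_ACCOUNTS = {"admin", "root"}     # logins that cannot be tied to one human being

def check_event(raw):
    """Return the findings for one JSON log line; an empty list means the event passes."""
    findings = []
    try:
        ev = json.loads(raw)
    except json.JSONDecodeError:
        return ["unparseable"]
    missing = [f for f in REQUIRED if not ev.get(f)]
    if missing:                       # every action must be complete and attributable
        findings.append("missing:" + ",".join(missing))
    try:
        if datetime.fromisoformat(ev.get("ts", "")).tzinfo is None:
            findings.append("timestamp-no-timezone")   # clocks must be comparable across systems
    except (ValueError, TypeError):
        findings.append("timestamp-unparseable")
    user = ev.get("user")
    if user in GENERIC_ACCOUNTS:      # one username per person, never a shared login
        findings.append("shared-account")
    if ev.get("action", "").startswith(LOG_ACTION_PREFIX) and user not in ADMIN_USERS:
        findings.append("non-admin-log-access")   # only administrators touch the audit trail
    return findings

def review(log_text):
    """Map 1-based line number to findings; only lines with findings are returned."""
    lines = [l for l in log_text.strip().splitlines() if l.strip()]
    checked = ((i, check_event(l)) for i, l in enumerate(lines, 1))
    return {i: f for i, f in checked if f}

if __name__ == "__main__":
    for n, f in review(SAMPLE_LOG).items():
        print(n, f)
```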
Sent: Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.