If you're a credit card merchant, service provider or retailer who processes, stores and transmits cardholder data, you have a fiduciary responsibility to protect that data. But with data volumes increasing exponentially and tolerance among regulators and consumers falling to new lows, meeting that responsibility is indeed challenging.
The Payment Card Industry (PCI) Data Security Standard, resulting from collaboration between Visa and MasterCard, provides a solid framework for safeguarding credit card data with 12 specific requirements, many of which can only be met with log management and intelligence. Included are specific mandates related to log data.
The PCI standard applies to store merchants, banks, service providers and card processors. And that's not all. PCI extends to all system components connected to cardholder data environments, including network components (firewalls, switches, routers, security appliances, etc.); servers (web, proxy, database, email, authentication, etc.) and applications, both internal and external. In other words, PCI compliance is a lot of work.
The process of complying with PCI can be viewed in three stages:
1) Collection and storage: You must be collecting and securely storing all log data so that it is available for analysis, yet tamper-proof and secure.
2) Reporting: You must be able to prove compliance on the spot if audited, and present evidence that controls are in place for protecting data.
3) Monitoring and alerting: You must have systems in place, such as auto-alerting, to help constantly monitor access and usage so that administrators are warned of problems immediately and can rapidly address them. These systems should also extend to the log data itself: can you prove that log data is being collected and stored?
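As an added illustration (not from the original post and not LogLogic's implementation), the sketch below shows one way to make stored log records tamper-evident, a weaker but checkable form of the "tamper-proof" goal in stage 1, and to answer the stage 3 question of whether each source is still being collected. The HMAC hash chain, function names, key and sample records are assumptions constructed for the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                 # "previous MAC" value for the first record
KEY = b"constructed-demo-key"      # constructed; assumed to be held off the log host
FIELDS = ("source", "ts", "msg", "prev")

def _mac(body, key):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append(chain, source, ts, msg, key):
    """Store a record whose MAC also covers the previous record's MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"source": source, "ts": ts, "msg": msg, "prev": prev}
    chain.append({**body, "mac": _mac(body, key)})

def verify(chain, key):
    """Return the index of the first altered, removed or reordered record, else None.
    Truncation of the tail is not visible here; the latest MAC would have to be
    recorded somewhere else to detect it."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: rec[k] for k in FIELDS}
        if rec["prev"] != prev or not hmac.compare_digest(_mac(body, key), rec["mac"]):
            return i
        prev = rec["mac"]
    return None

def silent_sources(chain, expected, now, max_gap):
    """Expected sources with no stored record in the last max_gap seconds."""
    last = {}
    for rec in chain:
        last[rec["source"]] = max(rec["ts"], last.get(rec["source"], 0))
    return sorted(s for s in expected if now - last.get(s, float("-inf")) > max_gap)

def demo_chain():
    """Constructed sample records from two hypothetical sources."""
    chain = []
    append(chain, "fw01", 1000, "deny inbound tcp/1433", KEY)
    append(chain, "db01", 1010, "login ok user=app", KEY)
    append(chain, "fw01", 1300, "permit outbound tcp/443", KEY)
    return chain

if __name__ == "__main__":
    chain = demo_chain()
    print("intact:", verify(chain, KEY) is None)
    chain[1]["msg"] = "login ok user=other"      # simulate an edit to a stored record
    print("first bad record:", verify(chain, KEY))
    print("silent:", silent_sources(demo_chain(), ["fw01", "db01", "web01"], 1400, 300))
```

The output of `verify` and `silent_sources` is the kind of evidence stage 2 asks for: a record that the stored data is intact and that every expected source is still reporting.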
A log management and intelligence (LMI) solution like LogLogic helps companies reduce the labor and costs associated with PCI compliance by automating these three steps. The solution provides collection and secure storage of 100% of log data collected from all devices, servers and applications, along with compliance-specific reporting templates that organize data quickly and accurately to satisfy auditors. Finally, the solution allows administrators to set custom alerts and continuously monitor network activity.
By complying with PCI, merchants and service providers not only meet their obligations to the payment system but also create a culture of security and operational effectiveness that benefits everyone. PCI compliance limits risk, builds confidence in the payment industry, and safeguards data from all types of payment network fraud. It goes to show that what is good for the bottom line can also be good for the top line.
Posted June 06, 2006 in Compliance, Innovation