Tag Archive for: audit

Your journey toward IAM maturity requires the right MAP

Minding your P’s and P’s

It seems that there is a constant barrage of regulations and standards that businesses must comply with. Every quarter there is a new audit: SOX, GLBA, HIPAA, PCI, and the list goes on. Businesses try to accommodate these requirements by adopting a structured governance model, which presents its own requirements and seldom aligns perfectly with the others. Fortunately, there is a common thread woven into all these business distractions. If managed properly, that thread can be a lifeline that saves much of the time and effort required to meet regulatory requirements. So what is this thread? It’s your policies and procedures.

Policies and procedures are the foundation of your business’s activities. They are the rules that you play by. They can also make up much of the evidence auditors require to show that you understand and intend to comply with whatever regulation or standard is being applied at that moment. Policies are high-level management directives. They are designed to signal to the company’s workers that management has made a commitment to something which it expects the staff to uphold. Policies are typically general in nature; specifics are usually the domain of the procedure.

The Importance of Hiring an Experienced, Qualified Security Assessor for Your PCI-Compliance Audit

With the stiff penalties associated with failing to meet the standards set by the PCI Security Standards Council, ensuring that your company remains compliant and avoids security breaches requires regular PCI compliance audits. Hiring qualified security assessors can help you avoid a number of potential pitfalls associated with audits. Opting to hire the most experienced candidates offers a number of benefits, including:

  • Getting it Done Right
    In 2004, CardSystems Solutions was hacked, resulting in 263,000 stolen credit cards and roughly 40 million compromised. This breach occurred despite their security auditor having given them a clean audit just three months prior. Hiring experienced PCI compliance auditors to perform your audits lessens the likelihood of potentially costly mistakes.
  • Continued Security
    Experienced PCI compliance auditors not only understand the current standards, but also understand the areas in which those standards fall short. This allows you to proactively anticipate security risks and protect your customers’ data. Understanding the current problems, as well as the next generation of threats, allows you to remain in compliance and prevent costly security breaches.

Leveraging Centralized Log Management in a PCI DSS Environment

Enterprise environments generate vast amounts of log data on their own, before even being required to meet the PCI DSS Requirement 10 logging requirements. Given the volume of logs from the large variety of sources across a network, it is important to find an effective and efficient way to handle this data. IT departments could easily dedicate one full-time employee to this task alone when logs are decentralized across the organization and need to be reviewed, at times, on a daily basis. Admins also face the daunting task of maintaining a working knowledge of the vast array of system interfaces used to access and review this data where it is stored by default. Obviously this configuration is highly inefficient as well as impractical. The only logical way to meet the PCI DSS logging volume and review requirements is a centralized log management system. PathMaker Group offers such a solution, built on a SaaS platform, that provides the functionality, usability, and reporting that PCI DSS requires.

PCI Updates

I thought I would take a few minutes to wish everyone happy holidays and a very prosperous 2011. I also noticed that I hadn’t blogged in a while, so I thought I’d do a little of that…

This blog provides a few updates and observations related to the following:

  • PCI DSS v1.2.1 to PCI DSS v2.0 transition – very well defined, except for the cut-over date. The bottom line is that the PCI SSC is encouraging all merchants and service providers to convert as soon as possible, while at the same time saying everyone has until New Year’s Eve 2011 (one year).
  • PCI DSS and PA-DSS v2.0 Scoring Templates – QSAs can’t plan their projects without the new Scoring Templates. This will stall migrations.
  • Sampling and ASV Scanning Do Not Mix – this wasn’t like a free lunch, but some still manage to screw it up…
  • PCI DSS Timeline Clarification

Log Management the Easy Way!

The Need for Effective Log Management

Log management is a necessity for regulatory compliance and essential to maintaining a positive security posture in your environment. As your IT organization evolves to comply with today’s regulations and defend against new network security threats, you should choose a solution that avoids expensive maintenance and operating costs, reduces the number of resources needed to maintain and support it, and, most importantly, provides the most effective log management available on the market today.

Our SaaS offering collects log data via an agentless collection device and provides log storage, reporting, correlation, and monitoring, leveraging our grid computing and storage architecture in our highly secure, redundant datacenters.