Bonjour,
Continuing our discussion on SIM through Compliance, you might be aware, that EventLog Analyzer currently provides support for: (SOX) SARBANES-OXLEY, (HIPAA) HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT and (GLBA) GRAMM-LEACH BlLILEY ACT and now we are contemplating extending our compliace reporting initiative to include support for PCI DSS.
For the uninitiated, PCI DSS stands for Payment Card Industry Data Security Standard. PCIDSS Requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data. Additionally, these security requirements apply to all ?system components? which is defined as any network component, server, or application included in, or connected to, the cardholder data environment. Network components, include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, web, database, authentication, DNS, mail, proxy, and NTP. Applications include all purchased and custom applications, including internal and external (web) applications.
PCI forms the framework for VISA’s CISP (Cardholder Information Security Program ) and MasterCard’s SDP (Site Data Protection).
The PCI DSS has 12 basic requirements (with subsequent sub-requirements), which reads as follows:
>> Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
>> Protect Cardholder Data
Requirement 3: Protect stored data
Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks
>> Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
>> Implement Strong Access Control Measures
Requirement 7: Restrict access to data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
>> Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes.
>> Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Do let us know your requirements for PCI compliance support in EventLog Analyzer and we will surely look into your request.
Au revoir!
AJ
Help others find this article:
| 
| 
| 
SIM through Compliance
admin July 17, 2006
Author: parthasarathi
Mood: Cool I came across an article in S-OX
| Quote: |
| Compliance is defined as being in accordance with authoritative requirements. That means being up to date on guidelines, processes and practices. These processes and practices are oriented around such requirements as:? Only authorized user/systems can access and modify specific information they require,? The privacy and integrity of the information and systems must be maintained and assured,
? Audit records are maintained and indisputable, and ? Operational best practices are in place and improved. Regulations, today, may differ in substance but tend to create a group of common requirements. These requirements include: ? Event collection and retention, ? Activity review and assessment, ? Data integrity and chain-of-custody, ? Use audit reduction tools, ? Investigation and forensic analysis, and ? Reporting to and by appropriate personnel. Most security event management (SEM) and security information management (SIM) solutions focus on incident response ? consolidating alerts to respond to visible threats and attacks. And, that?s important. But, as will be evident, the back end of the SIM process ? event data analysis and retention used for reporting, audit and investigation ? is usually half-baked. As a result, compliance support is often spotty. |
So as mentioned, Compliance is an important Security Information Management(SIM) solution.
Let us see how EventLogAnalyzer(ELA) fairs against the above compliance requirements.
ELA provides reports which meet
HIPAA(Health Insuraance Portability and Accountability Act),
SOX(Sarbanes-Oxley) and
GLBA(Gramm-Leach-Bliley Act) security standards under Compliance.
Currently ELA provides the following reports under Compliance section which meets the above security standards.
1. Successful User Logons - Identifies all the user logon events
EventIDs supported: (528,540)
2. User Logoffs - Tracks all the user logoff events
EventIDs supported: 538
3. Logon Failures - Tracks all the failed user logon events
EventIDs supported: (529, 530, 531, 532, 533, 534, 535, 536, 537, 539)
4. Audit Policy Changes - Tracks all the changes done in the audit policy
EventIDs supported: 612
5. Audit Logs Cleared - Tracks all the audit logs clearing events
EventIDs supported: 517
6. Object Access - Identifies when a given object (File, Directory, etc.) is accessed, the type of access (e.g. read, write, delete) and whether or not access was successful/failed, and who performed the action
EventIDs supported: (560,562,563,564,565,566,567,568)
7. System Events - Identifies local system processes such as system startup and shutdown and changes to the system time
EventIDs supported: (512,513,514,515,516,518,519,520)
8. User Account Changes - Identifies all the changes done on an user account like user account creation,deletion, password change etc.,
EventIDs supported: (624,625,626,627,628,629,630,642,644)
9. User Group Changes - Identifies all the changes done on an user group such as adding or removing a global or local group, adding or removing members from a global or local group,etc..
EventIDs supported: (631 - 641) and (643 - 646)
10. Successful User Account Validation - Identifies successful user account logon events, which are generated when a domain user account is authenticated on a domain controller
EventIDs supported: (672,680)
11. Failed User Account Validation - Identifies unsuccessful user account logon events, which are generated when a domain user account is authenticated on a domain controller.
EventIDs supported: (675,681)
If you would like to enhance the compliance reports further, do let us know.
Thank You,
Parthasarathi
Help others find this article:
| | |
Welcome to EventLog Analyzer Blogs!
It gives me immense pleasure to welcome you to the EventLog Analyzer team’s scribblings. This would be our way of having informal exchanges about everything under the sun, which would of course include discussions on EventLog Analyzer.
Here, you would get to meet the young team behind this product, discuss with them and have some mutually wonderful learning experience.
Thank You
AJ
Help others find this article:
| | |
