Log Monitoring, FIM – PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
By Kishor Vaswani, CEO - ControlCase
Agenda
• ControlCase Overview
• About PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA
• Components of a scalable solution
• Challenges
• Q&A

ControlCase Overview
• More than 400 customers in more than 40 countries.
• Recognized as an Inc 500/5000 company.
• Continued focus on PCI DSS and Compliance as a Service (CaaS).
• Continued update and use of technology based on feedback from customers (including many in this room).

About PCI DSS, ISO 27001, HIPAA, FISMA and EI3PA

What is PCI DSS?
Payment Card Industry Data Security Standard:
• Guidelines for securely processing, storing, or transmitting payment card account data
• Established by leading payment card issuers
• Maintained by the PCI Security Standards Council (PCI SSC)

What is FISMA?
• Federal Information Security Management Act (FISMA) of 2002
  › Requires federal agencies to implement a mandatory set of processes, security controls and information security governance
• FISMA objectives:
  › Align security protections with risk and impact
  › Establish accountability and performance measures
  › Empower executives to make informed risk decisions

What is EI3PA?
Experian Security Audit Requirements:
• Experian is one of the three major consumer credit bureaus in the United States
• Guidelines for securely processing, storing, or transmitting Experian Provided Data
• Established by Experian to protect consumer data/credit history data provided by them

What is HIPAA?
• HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:
  › Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  › Reduces health care fraud and abuse;
  › Mandates industry-wide standards for health care information on electronic billing and other processes; and
  › Requires the protection and confidential handling of protected health information

What is ISO 27001/ISO 27002?
ISO Standard:
• ISO 27001 is the management framework for implementing information security within an organization
• ISO 27002 is the detailed set of controls from an implementation perspective

Components of a solution
Logging and Monitoring
• Logging
• File Integrity Monitoring
• 24X7 monitoring
• Managing volumes of data

Reg/Standard   Coverage area
ISO 27001      A.7, A.12
PCI            6, 11
EI3PA          10, 11
HIPAA          164.308a1iiD
FISMA          SI-4

Components of a Logging/FIM/Monitoring solution
• List of Assets
• Log Generation
• Incident Management
• FIM Alerts
• Change Management
• 24X7x365 monitoring
• Centralized Dashboard
• Correlation using SIEM

Assets
• Comprehensive asset list during deployment
• Continuous monitoring for new assets and assets dropping off
• Correlation with other sources such as scanning and asset management repositories
• Alerts in case of new assets and assets dropping off

Log Generation
• Servers – syslog, Windows logs
• Network devices – syslog, SNMP, SDEE
• Security devices – syslog, SNMP, SDEE
• Mainframes – SFTP, flat files
• Databases – Localized logging, database logging software in case local logging is resource intensive
• Applications – Database lookup, SFTP, custom plugins

FIM Alerts
• Agents such as OSSEC
• Software such as ControlCase HIDS, Tripwire etc.
• Integration with log alerts
• Monitoring vs. expected changes

Security Information and Event Management
• Consolidated alerts from
  › Syslog
  › Custom sources
  › FIM alerts
  › SFTP
• Correlation of data based on
  › Source/Destination IP addresses
  › Source of alerts
  › Vulnerabilities
  › Past history
  › User performing action

Centralized Dashboard

Example of 24X7X365 Monitoring

Change Management and Monitoring
• Change Management ticketing system
• Logging and Monitoring (SIEM/FIM etc.)
• Correlation of logs/alerts to change requests
• Escalation to incident for unexpected logs/alerts
• Response/Resolution process for expected logs/alerts

Reg/Standard   Coverage area
ISO 27001      A.10
PCI            1, 6, 10
EI3PA          1, 9, 10
FISMA          SA-3
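The "monitoring vs. expected changes" point on the FIM Alerts slide and the correlation of alerts to change requests on this slide come down to one decision per alert: does an approved change ticket cover this host, this file and this time? The Python below is an added example, not ControlCase's or any product's code; the ticket fields, host names, paths and the change window are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatch

@dataclass(frozen=True)
class ChangeTicket:
    ticket_id: str
    host: str
    path_glob: str   # files the change is approved to touch
    start: datetime  # approved change window
    end: datetime

@dataclass(frozen=True)
class FimAlert:
    host: str
    path: str
    change: str      # "modified", "created" or "deleted"
    when: datetime

def matching_ticket(alert, tickets):
    """Return the approved change ticket covering this alert, or None."""
    for t in tickets:
        if (t.host == alert.host
                and fnmatch(alert.path, t.path_glob)
                and t.start <= alert.when <= t.end):
            return t
    return None

def triage(alerts, tickets):
    """Split alerts into expected changes (with ticket id) and escalations."""
    expected, escalate = [], []
    for a in alerts:
        t = matching_ticket(a, tickets)
        if t:
            expected.append((a, t.ticket_id))  # expected-change resolution process
        else:
            escalate.append(a)                 # unexpected: escalate to incident
    return expected, escalate

# Constructed sample data (not from the deck): one approved patch window on web01.
T0 = datetime(2024, 1, 15, 22, 0)
TICKETS = [ChangeTicket("CHG-0042", "web01", "/etc/httpd/*", T0, T0 + timedelta(hours=2))]
ALERTS = [
    FimAlert("web01", "/etc/httpd/httpd.conf", "modified", T0 + timedelta(minutes=20)),  # in window
    FimAlert("web01", "/etc/httpd/httpd.conf", "modified", T0 + timedelta(hours=5)),     # after window
    FimAlert("web01", "/etc/passwd", "modified", T0 + timedelta(minutes=30)),            # path not approved
    FimAlert("db01", "/etc/httpd/httpd.conf", "modified", T0 + timedelta(minutes=30)),   # host not in ticket
]
```

Only the first alert is covered by CHG-0042; the other three are unexpected and go to incident management.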
Incident and Problem Management
• Monitoring
• Detection
• Reporting
• Responding
• Approving

Reg/Standard   Coverage area
ISO 27001      A.13
PCI            12
EI3PA          12
HIPAA          164.308a6i
FISMA          IR Series

Examples: Lost Laptop; Changes to firewall rulesets; Upgrades to applications; Intrusion Alerting

Challenges in Logging and Monitoring Space

Challenges
• Long deployment cycles
• Skills to manage the product(s)
• Management of infrastructure
• Disparate components – FIM, syslog etc.
• 24X7X365 monitoring
• Increased regulations
• Reducing budgets (Do more with less)

ControlCase Solution

Learn more about continual compliance … Compliance as a Service (CaaS)

ControlCase Log Management Solution
Customer Location / Service Provider / ControlCase SOC
• Agents are installed on each Workstation
• Agents monitor File changes for the File Integrity Monitoring (FIM) requirement and also gather and transmit all logs relevant from a compliance perspective to the Log Collector/Sensor on our Appliance
• ControlCase appliance registers and tracks all agents in the field
• The sensor/collector collects and compresses logs coming in from the various agents
• The logs are finally transported securely to our SIEM console in our Security Operations Center (SOC)
• The SIEM console gathers all the logs, correlates them and identifies threats and anomalies as required by compliance regulations
• SOC personnel monitor the SIEM console 24x7x365 and alert our clients and our Analyst teams about any potential issues

Why Choose ControlCase?
• Global Reach
  › Serving more than 400 clients in 40 countries and rapidly growing
• Certified Resources
  › PCI DSS Qualified Security Assessor (QSA)
  › QSA for Point-to-Point Encryption (QSA P2PE)
  › Certified ASV vendor
  › Certified ISO 27001 Assessment Department
  › EI3PA Assessor
  › HIPAA Assessor

To Learn More About PCI Compliance or Data Discovery…
• Visit www.ControlCase.com
• Call +1.703.483.6383 (US)
• Call +91.9820293399 (India)
• Kishor Vaswani (CEO) – kvaswani@controlcase.com

Thank You for Your Time