Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
•
1 like•358 views
- What is Log Management and FIM - PCI DSS, EI3PA, ISO 27001 requirements - Log Management and regulation requirements/ mapping - File Integrity Monitoring and regulation requirements/ mapping - Challenges
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Similar to Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001 (20)
More from ControlCase
More from ControlCase (20)
Recently uploaded
Recently uploaded (20)
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
- 1. Log Monitoring & File Integrity Monitoring (FIM) Presented by ControlCase
- 2. ControlCase Introduction Relevance of logging About Certifications - PCI DSS - ISO 27001 - HIPAA Components of logging/FIM solution AGENDA Challenges Q&A 2
- 3. CORPORATE OVERVIEW ControlCase™ Making Compliance Effortless Over 500 clients across the US, CEMEA, Europe, Latin America and Asia/Pacific regions, Headquartered in the Washington, DC metro area (Fairfax, VA) ControlCase office or partnership locations include the US, Canada, Colombia, India, UK, KSA, Japan, Indonesia, Vietnam, Philippines, Kuwait, Malaysia, Brazil and Dubai Unique offerings brings Peace of Mind to Compliance 3
- 4. PCI DSS Qualified Security Assessor (QSA) Company ASV: Authorized Security Vendor ISO 27001 & 27002 International Organization for Standardization SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity Service Organization Controls (AICPA) HITRUST CSF Health Information Trust Alliance Common Security Framework (CSF) HIPAA Health Insurance Portability and Accountability Act NIST 800-53 National Institute of Standards and Technology GDPR General Data Protection Regulation MARS-E Minimum Acceptable Risk Standards for Exchanges EI3PA Experian Independent Third Party Assessment Microsoft SSPA Supplier Security and Privacy Assurance Third Party Risk Assessor Shared Assessments Program Certified product licensee for SIG and AUP PA-DSS Payment Application Qualified Security Assessor (QSA) CREDENTIALS 4
- 5. About PCI DSS, FISMA, HIPAA and ISO 27001
- 6. What is PCI DSS Payment Card Industry Data Security Standard: • Guidelines for securely processing, storing, or transmitting payment card account data • Established by leading payment card issuers • Maintained by the PCI Security Standards Council (PCI SSC) 6
- 7. What is FISMA • Federal Information Security Management Act (FISMA) of 2002 – Requires federal agencies to implement a mandatory set of processes, security controls and information security governance • FISMA objectives: – Align security protections with risk and impact – Establish accountability and performance measures – Empower executives to make informed risk decisions 7
- 8. What is HIPAA • HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following: – Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs; – Reduces health care fraud and abuse; – Mandates industry-wide standards for health care information on electronic billing and other processes; and – Requires the protection and confidential handling of protected health information 8
- 9. What is ISO 27001/ISO 27002 ISO Standard: • ISO 27001 is the management framework for implementing information security within an organization • ISO 27002 are the detailed controls from an implementation perspective 9
- 10. Compliance and Security Topics covered by log monitoring & File Integrity Monitoring (FIM)
- 11. Logging and Monitoring 11 Reg/Standard Coverage area ISO 27001 A.7, A.12 PCI 6, 11 EI3PA 10, 11 HIPAA 164.308a1iiD FISMA SI-4 Logging File Integrity Monitoring 24X7 monitoring Managing volumes of data
- 12. Change Management and Monitoring 12 Escalation to incident for unexpected logs/alerts Response/Resolution process for expected logs/alerts Correlation of logs/alerts to change requests Change Management ticketing System Logging and Monitoring (SIEM/FIM etc.) Reg/Standard Coverage area ISO 27001 A.10 PCI 1, 6, 10 EI3PA 1, 9, 10 FISMA SA-3
- 13. Incident and Problem Management 13 Monitoring Detection Reporting Responding Approving Lost Laptop Changes to firewall rulesets Upgrades to applications Intrusion Alerting Reg/Standard Coverage area ISO 27001 A.13 PCI 12 EI3PA 12 HIPAA 164.308a6i FISMA IR Series
- 14. Log Monitoring & FIM solution components
- 15. Components of a Solution 15 In Scope Asset List Status of Reporting Logging & Monitoring Matrix Alarms Daily Reports Dashboards Triangulation Discrepancy Updating Asset List
- 16. In Scope Asset List 16
- 17. Status of Reporting 17 Reporting assets Not reporting assets Sample reasons why assets stop reporting - FIM agent disconnection - Misconfigured firewall ruleset - Loss in network connectivity - Change is server or device configuration - Change in log settings
- 18. Logging and Monitoring Matrix 18 - PCI 10.2.x - PCI 12.10.5 - PCI 10.7 - PCI 10.8 - PCI 11.5 - PCI 1.3.x - PCI 8.1.5 - Other compliance use cases - Disconnected Systems - Surge in traffic - Other Business as Usual cases Use Cases - Servers - IDS/IPS - Databases - Antivirus - Firewalls Source of Log - Individual Access to PII - Actions by root/admin - Failed login attempts - Monitor IDS/IPS events - Malware Events - Disconnected Systems - File Integrity Monitoring - User Access Trigger Points
- 19. Alarms – Security Use Cases 19 Monitor IDS/IPS events Customer IDS/IPS 12.10.5 List of malware infected systems Customer Antivirus Solution 10.7 List of systems not within baseline of log volume Customer Servers and Databases, Firewalls Monitor surge in log traffic Customer Servers and Databases, Firewalls
- 20. Daily Reports – Compliance Use Cases 20 Trigger points Source of log PCI Requirement Individual user access to card data Customer Servers and Databases 10.2.1 Actions taken by root or admin access Customer Servers and Databases, Firewalls, IDS/IPS 10.2.2 Failed login attempts Customer Servers and Databases, Firewalls, IDS/IPS 10.2.3
- 22. Updating Asset List using Triangulation 22 Updated Asset List Identity and Access Management Data Asset List Vulnerability Data
- 23. Challenges in Logging and Monitoring Space
- 24. #ALLMYDATA 24 #ALLMYDATA • Long deployment cycles • Skills to manage the product(s) • Management of infrastructure • Disparate components – FIM, syslog etc. • 24X7X365 monitoring • Increased regulations • Reducing budgets (Do more with less) Challenges
- 26. YOU SEE IT IN NEW REGULATIONS ControlCase Solution ISO •Agents are installed on each Workstation •Agents monitor File changes for the File Integrity Monitoring (FIM) requirement and also gather and transmit all logs relevant from a compliance perspective to the Log Collector/Sensor on our Appliance • ControlCase appliance registers and tracks all agents in the field •The sensor/collector collects and compresses logs coming in from the various agents •The logs are finally transported securely to our SIEM console in our Security Operations Center (SOC) •The SIEM console gathers all the logs, correlates them and identifies threats and anomalies as required by compliance regulations •SOC personnel monitor the SIEM console 24x7x365 and alert our clients and our Analyst teams about any potential issues related to compliance reporting Customer Location Service Provider ControlCase SOC
- 27. THANK YOU Q&A ControlCase: Making Compliance Effortless