PCI SSC Director Elaborates On European Compliance

LogRhythm : 26 May, 2011  (Technical Article)
LogRhythm comments on the role of compliance, as seen by the PCI Security Standards Council leader, in alerting companies to the misuse of data as well as in intrusion prevention.

This week, the European director of the PCI Security Standards Council, Jeremy King, warned that despite fraud losses falling last year, organisations still need to do more to make security part of their day-to-day operations. He also highlighted that many organisations are failing to adhere to the PCI Data Security Standard (DSS) – resulting in £1 million card fraud losses per day in 2010 – and advised that compliance is not just about preventing intrusions, but also about ensuring systems are in place to alert organisations to any misuse of data.


Ross Brewer, vice president and managing director for international markets, LogRhythm, cautions that while organisations are beginning to realise the importance of Protective Monitoring, many do not fully understand the scope of what it entails.


“Jeremy King is right to highlight that we cannot rely on a single solution to prevent data breaches; however, many organisations often place too much faith in traditional security methods that try to fence-out the threat. The repeated high profile security incidents currently making the news should have proved to everyone that data breaches are now an inevitability. Today, defending networks depends on traceability – organisations need the ability to connect seemingly unique events so that anomalies can be identified and action taken to minimise damage. As King says, with the right policies in place ‘you may not prevent ten records from going out, but the likelihood of preventing it before it reaches 75 million is definitively increased’.


“When it comes to Protective Monitoring, organisations must not fall into the trap of viewing it as a one-time only compliance requirement. Indeed, you only have to look at the latest UK Security Breach Investigation Report, to see that of all the merchants suffering a cardholder data breach in 2010, none were compliant with PCI DSS requirement number 10, which warns that merchants must regularly monitor access to network resources as a way of proactively spotting unusual or suspicious behaviour.


“To be effective, Protective Monitoring must involve ongoing analysis of all log data. In addition, due to the volume of logs generated by modern IT systems, and the increasingly disparate nature of networks, it is vital that they consist of automated, centralised and fully integrated log management platforms. In the current marketplace of increasingly complex IT and data operations, this approach is the only way to provide the deep insight required to secure the IT estate and guarantee compliance with regulatory obligations like PCI DSS.”
