White Papers for Federal Financial Institutions Examination Council (FFIEC)

Using Security Information Management Systems for PCI Compliance

SenSage

The security challenges facing today’s businesses are complex and serious. Identity theft, fraud, insider threats, and an increase in financial criminal activity have replaced the chaotic and unsophisticated threats of several years ago. To help protect cardholders, as well as the businesses that process and store their cardholder data, Visa and other payment card organizations created the Payment Card Industry Data Security Standard (PCI DSS). This comprehensive set of control requirements describes procedures and provides guidance related to network security, vulnerability management, access controls, data protection, and policy as it relates to cardholder data environments.
As organizations today are implementing PCI DSS standards and procedures, one thing is becoming clear: The volume of data that must be analyzed and potentially stored is significant. Audit logs, application logs, and network information are only a few of the types of data that must be assessed. Others include access control data, encryption and network connectivity settings and configuration data, and vulnerability scan data. Often, many distinct events are occurring at different points in a network, with very little obvious relation between them, particularly since many of the events are coming from systems with very different event characteristics.

View the White Paper

Share or bookmarklet this web page at: