Using specialized audit records for file access monitoring
Companies need to track how cardholder information is being accessed and used, in order to be able to protect it and prevent data breaches that may expose it. An important part of the PCI DSS compliance process relies on policies, procedures and solutions that enable companies to monitor access to the systems and, more importantly, to the files that contain cardholder data. Having such processes in place minimizes the risk of a data breach, allows organizations to detect data breaches and report them accordingly, as well as enables delivery of accountability and other critical information about the extent of the data breach. Data breach incidents involving cardholder information are far more expensive, when the full extent of the breach is not known. In lack of proper audit trails built by specialized tools for file access auditing, it is very difficult to determine the cause, accountable user(s) and number of lost records.
File access auditing plays an important role in three main areas of PCI DSS Compliance: enforcing the principle of least privilege (requirement 7), directly delivering audit trails for any access to files containing cardholder information (requirement 10) and alerting or reporting on changes to the important system files (requirement 11). Implementing file access auditing solutions in conjunction with SIEM solutions, enables companies to compensate for the current limitations of SIEM solutions in terms of fie monitoring, but at the same time preserve a single point of reporting for security and compliance…
Click here to download the full document.