
Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse

Today I just finished writing the last of a three-paper series, "The Essentials Series: PCI Compliance," in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:

1) help to identify when authorized users may be doing things they should not be doing,

2) help to reveal when unauthorized users from outside the network perimeter have breached the network, and

3) reveal vulnerabilities within applications that could have led to information security incidents and privacy breaches if they were not discovered.


Within these papers, I include real-life examples, along with insights from a seasoned QSA auditor and log management experts.

The first paper of the series, "Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse," was just released!

Here is an excerpt from the first page:

"Meeting the requirements for PCI DSS logging benefits businesses by putting into place logs that help to identify when authorized users may be doing things they should not be doing. There are literally thousands of types of logs that can be generated on corporate networks and appliances.

Unfortunately, too few information security and IT practitioners understand that there are very important differences in how to use logs to identify insider threats from other types of threats. Too few know how to review the logs to identify when authorized users may be doing inappropriate activities with their access. The indicators found within logs for insider abuse are largely much different than indicators for other types of threats.

How the Insider Threat Impacts Business

Think about how many people have authorized access to information resources within your organization. These "insiders" often include:

• Employees

• Contract workers

• Temporary workers

• Business partners

• Consultants

• External auditors

• Customers

• Former employees whose access has not been removed

Think about the sensitive information these insiders have been authorized to access. Think about all the bad things a malicious insider could do with this access. If there are gaps in security controls, malicious insiders can take advantage of those vulnerabilities to use the access privileges of authorized insiders."

You can download the full article from the Realtime Publishers site.

Please let me know what you think!


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.