From PCI Compliance: Implementing Effective PCI Data Security Standards

Introduction

Generally speaking, the best approach to any industry or government regulatory requirement has been to find a middle ground in terms of effort and cost to meet the spirit of the requirement, and then work with the auditor ahead of audit time to see how you've done. Generally, that approach reaps rewards that pay off in reduced patching of the effort. Obviously, meeting with the auditor before you start makes a lot of sense, but making certain the results meet with the auditor's approval is where your Return on Investment (ROI) will show up. If the auditor is happy, then the card issuer will be happy.

This is certainly true where Requirements 10 and 11 of the Payment Card Industry (PCI) requirements come into play. Requirement 10, Monitoring, and Requirement 11, Testing, are easily capable of inflating PCI compliance costs to the point of consuming the small margins of card transactions. No one wants to lose money to be PCI compliant. Therefore, the ability to meet the requirements must, above all, make business sense. Nowhere else in PCI compliance does the middle ground of design philosophy come into play more than in the discipline of monitoring, but this is also where minimizing the risk can hurt most.

Monitoring Your PCI DSS Environment

PCI Data Security Standard (DSS) Requirement 10 states: "Track and monitor all access to network resources and cardholder data." The requirement around monitoring is potentially broad and far-reaching, but there are boundaries to be determined, and that...

Copyright Elsevier, Inc. 2007 under license agreement with Books24x7

