Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse

Today I just finished writing the last of a three-paper series, “The Essentials Series: PCI Compliance,” in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:

1) help to identify when authorized users may be doing things they should not be doing,
2) help to reveal when unauthorized users from outside the network perimeter have breached the network, and
3) reveal vulnerabilities within applications that could have led to information security incidents and privacy breaches if they were not discovered.
Within these papers, I include real-life examples, along with insights from a seasoned QSA auditor and log management experts.
The first paper of the series, “Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse,” was just released!
Here is an excerpt from the first page:

“Meeting the requirements for PCI DSS logging benefits businesses by putting into place logs that help to identify when authorized users may be doing things they should not be doing. There are literally thousands of types of logs that can be generated on corporate networks and appliances.
Unfortunately, too few information security and IT practitioners understand that there are very important differences in how to use logs to identify insider threats from other types of threats. Too few know how to review the logs to identify when authorized users may be doing inappropriate activities with their access. The indicators found within logs for insider abuse are largely much different than indicators for other types of threats.
How the Insider Threat Impacts Business
Think about how many people have authorized access to information resources within your organization. These “insiders” often include:
• Employees
• Contract workers
• Temporary workers
• Business partners
• Consultants
• External auditors
• Customers
• Former employees whose access has not been removed
Think about the sensitive information these insiders have been authorized to access. Think about all the bad things a malicious insider could do with this access. If there are gaps in security controls, malicious insiders can take advantage of those vulnerabilities to use the access privileges of authorized insiders.”
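As an added illustration of the insider-focused log review the excerpt is talking about (example code written for this post, not taken from the paper or from Realtime Publishers), the script below checks constructed authentication and file-access log lines against two indicators an outsider-focused review would not raise: activity from accounts of former employees whose access was never removed, and cardholder-data reads by authorized users that fall outside their role or normal hours. The log format, account names, roles and business-hours window are all assumptions made for the example.

```python
# Example: reviewing logs for insider-abuse indicators (constructed data).
import re
from datetime import datetime

# Constructed sample log lines: timestamp, event, user, then src= or resource=
SAMPLE_LOG = """\
2012-03-05T09:12:01 LOGIN_OK user=jsmith src=10.1.4.22
2012-03-05T09:15:44 FILE_READ user=jsmith resource=/cde/cardholder_export.csv
2012-03-05T22:47:10 LOGIN_OK user=bjones src=10.1.7.9
2012-03-05T22:48:02 FILE_READ user=bjones resource=/cde/cardholder_export.csv
2012-03-06T02:30:00 FILE_READ user=jsmith resource=/cde/cardholder_export.csv
2012-03-06T08:01:13 LOGIN_OK user=tcontractor src=10.1.9.31
"""

# Constructed HR / IAM reference data (assumed, not from the paper):
# who is authorized for cardholder-data files, and which accounts belong
# to people who have already left the organization.
CDE_AUTHORIZED = {"jsmith"}
TERMINATED = {"tcontractor"}
BUSINESS_HOURS = (7, 19)  # assumed normal working window, 07:00-19:00

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+)(?: \S+=(\S+))?$")


def review_insider_indicators(log_text, cde_authorized, terminated):
    """Return a list of (timestamp, user, finding) for insider-abuse indicators."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, event, user, target = m.groups()
        # Indicator 1: a still-active account of a former employee is used.
        if event == "LOGIN_OK" and user in terminated:
            findings.append((ts, user, "login by account of former employee"))
        # Indicator 2: cardholder data touched by someone without the CDE role,
        # or by an authorized user outside the normal working window.
        if event == "FILE_READ" and target.startswith("/cde/"):
            hour = datetime.fromisoformat(ts).hour
            if user not in cde_authorized:
                findings.append((ts, user, "cardholder data read by user without CDE role"))
            elif not (BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]):
                findings.append((ts, user, "cardholder data read outside business hours"))
    return findings


if __name__ == "__main__":
    for ts, user, finding in review_insider_indicators(SAMPLE_LOG, CDE_AUTHORIZED, TERMINATED):
        print(ts, user, finding)
```

The authorized user's daytime read produces no finding; only the role mismatch, the 02:30 read and the former contractor's login are reported.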

You can download the full article from the Realtime Publishers site.
Please let me know what you think!
