Review Your Logs as Determined by your Annual Risk Assessment

That is what the PCI (Payment Card Industry) DSS (Data Security Standard) v3.1, April 2015, says at requirements 10.6.1 and 10.6.2.

[Image: PCI DSS log review requirement]

This makes sense, right? Review your logs for security events, and review the logs of all critical components and systems.

The list of critical systems:

Firewall
Any email server (Proofpoint, antispam, etc.)
Fileserver
IPS/IDS (Intrusion Prevention/Detection System)
Routers
Webserver
Ecommerce systems
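As an added example, not from the post or from the PCI DSS text, here is a small daily log review in Python that covers the critical systems listed above. The log formats, the source names, the thresholds and all of the sample lines are constructed for the illustration (none is a real vendor format); a review of real logs would parse each system's own format but would keep the same shape: flag the events worth a human's attention, correlate a host flagged on one system with its appearances elsewhere, and treat a critical system that sent no logs at all as a finding in its own right.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (simplified formats, not any vendor's): one day
# of events from the critical systems listed in the post.
SAMPLE_LOGS = """\
2015-04-10T02:14:01 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2015-04-10T02:14:02 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2015-04-10T02:14:03 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=445
2015-04-10T02:14:04 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2015-04-10T02:14:05 firewall DENY src=203.0.113.7 dst=10.0.0.5 dport=1433
2015-04-10T03:01:11 fileserver sshd: Failed password for admin from 10.0.0.44
2015-04-10T03:01:12 fileserver sshd: Failed password for admin from 10.0.0.44
2015-04-10T03:01:13 fileserver sshd: Failed password for root from 10.0.0.44
2015-04-10T03:01:14 fileserver sshd: Failed password for admin from 10.0.0.44
2015-04-10T03:01:20 fileserver sshd: Accepted password for admin from 10.0.0.44
2015-04-10T04:10:00 ids ALERT sid=1001 msg="possible SSH scan" src=203.0.113.7
2015-04-10T05:00:00 webserver 10.0.0.44 "GET /admin/ HTTP/1.1" 200
2015-04-10T05:00:02 webserver 198.51.100.9 "GET /checkout HTTP/1.1" 500
2015-04-10T06:00:00 ecommerce user=admin action=privilege_change target=bob role=superuser
2015-04-10T06:05:00 mailserver quarantined from=sender@example.org reason=malware
"""

# Every critical system expected to send logs (assumed names); a silent one is a finding.
EXPECTED_SOURCES = {"firewall", "mailserver", "fileserver", "ids", "router", "webserver", "ecommerce"}

FW_RE = re.compile(r"^(?P<ts>\S+) firewall DENY src=(?P<src>\S+) dst=\S+ dport=(?P<port>\d+)")
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
IDS_RE = re.compile(r'^(?P<ts>\S+) ids ALERT .*msg="(?P<msg>[^"]+)".*src=(?P<src>\S+)')
WEB_RE = re.compile(r'^(?P<ts>\S+) webserver (?P<src>\S+) "(?P<req>[^"]+)" (?P<status>\d{3})')
PRIV_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) action=privilege_change target=(?P<target>\S+) role=(?P<role>\S+)")
MAIL_RE = re.compile(r"^(?P<ts>\S+) mailserver quarantined .*reason=(?P<reason>\S+)")
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def finding(severity, source, ts, detail):
    return {"severity": severity, "source": source, "ts": ts, "detail": detail}


def review_logs(text, scan_threshold=5, fail_threshold=3):
    """Return the findings a reviewer should look at, highest severity first."""
    findings = []
    seen = Counter()                 # source -> number of lines received
    ports_by_src = defaultdict(set)  # firewall: src -> distinct ports denied
    ssh_fails = Counter()            # (host, src) -> failed logins so far
    web_hits = []                    # (ts, src, req) kept for correlation
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue
        seen[parts[1]] += 1
        if m := FW_RE.match(line):
            ports_by_src[m["src"]].add(m["port"])
        elif m := SSH_RE.match(line):
            key = (m["host"], m["src"])
            if m["result"] == "Failed":
                ssh_fails[key] += 1
            elif ssh_fails[key] >= fail_threshold:
                # A success right after a run of failures is the line that matters most.
                findings.append(finding("high", m["host"], m["ts"],
                    f"login as {m['user']} from {m['src']} succeeded after {ssh_fails[key]} failures"))
        elif m := IDS_RE.match(line):
            findings.append(finding("high", "ids", m["ts"], f"IDS alert '{m['msg']}' from {m['src']}"))
        elif m := WEB_RE.match(line):
            web_hits.append((m["ts"], m["src"], m["req"]))
            if m["status"].startswith("5"):
                findings.append(finding("medium", "webserver", m["ts"],
                                        f"HTTP {m['status']} on {m['req']} from {m['src']}"))
        elif m := PRIV_RE.match(line):
            findings.append(finding("high", m["host"], m["ts"],
                                    f"{m['user']} granted role {m['role']} to {m['target']}"))
        elif m := MAIL_RE.match(line):
            findings.append(finding("low", "mailserver", m["ts"], f"message quarantined, reason={m['reason']}"))

    suspects = set()
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            suspects.add(src)
            findings.append(finding("medium", "firewall", None,
                                    f"{src} denied on {len(ports)} distinct ports (possible scan)"))
    for (host, src), n in ssh_fails.items():
        if n >= fail_threshold:
            suspects.add(src)
            findings.append(finding("medium", host, None, f"{n} failed ssh logins from {src} (possible brute force)"))
    # Assume the attacker may already be inside: a host flagged on one system is worth
    # a look wherever else it appears, internal address or not.
    for ts, src, req in web_hits:
        if src in suspects:
            findings.append(finding("low", "webserver", ts, f"suspect host {src} also requested {req}"))
    for source in sorted(EXPECTED_SOURCES - set(seen)):
        findings.append(finding("high", source, None, "no log lines received; logging or forwarding may be broken"))
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


def counts_by_severity(findings):
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in review_logs(SAMPLE_LOGS):
        print(f"[{f['severity']:6}] {f['source']:10} {f['ts'] or '-':20} {f['detail']}")
```

Run against the sample, the review reports nine findings: the internal host 10.0.0.44 logging in after repeated failures and then reaching the admin page of the webserver, the external scanner seen by both firewall and IDS, a server error on the checkout page, a privilege change on the ecommerce system, a quarantined message, and the fact that no router logs arrived at all. The thresholds are deliberately parameters, since the post's point is that what gets reviewed, and how closely, is set by the risk assessment rather than by the script.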


Why internal and external? I'm glad you asked. The reason is that we have to assume the malicious hacker is already inside the network, lurking and attacking any systems they can reach.


Of course, as I have mentioned before in the Mar 20 post (http://oversitesentry.com/why-risk-management-model-failed-us/):

We do have to keep a close eye on critical systems, but that does not mean we skip the work elsewhere. If the resources are not there to do a good enough job (as defined by the risk management process), then this must be communicated to the CEO or CFO, because the importance cannot be overstated.


Of course, these next concepts assume you have a risk management process; if there is none, one has to be created.


[Image: failed risk management model]

The criminal will try to find any way in, then escalate privileges and create more connections into your network until they reach the critical systems. So definitely do not assume that all systems on the internal network are clean and safe.


It is relevant to repeat a paragraph from the older post:

Here is the relevant passage from the Wall Street Journal article:

{Hackers appear to have originally breached J.P. Morgan’s network via an employee’s personal computer, a person close to the investigation has said. From there, the intruders were able to move further into the bank’s systems. Employees often use software to tap into corporate networks from home through what are known as virtual private networks.}

And a previous post with a similar theme:

http://oversitesentry.com/risk-management-does-not-work/ (Feb 4 post)


Please contact me at tonyz “@” fixvirus.com to discuss this, or leave comments.

This is a moderated blog, so only reviewed comments will be allowed (we all know that there are many spammers out there).
