During a PCI Audit the Auditor told us that all the Security Devices
protecting Cardholder Data are also part of PCI Scope, which makes
sense for IDS/IPS, FW, AD, so on but what about a Log Management tool?
This means that my Log Management Centralized Server solution which is
getting logs not just for PCI assets but for the whole network ... is
gonna be in scope?
if so? This means all 300 security devices sending the logs (Servers,
WStations, Data Bases, AV) to the Centralized server are in scope Too?
if so?
Then, obviously I need to find a way to isolate & split the Log
Management Server from the whole network to only monitor PCI assets
but that entails to buy a new costly license to have another
Centralized log server, which is not doable for us.
Have you ever had the same problem? so that you can share the way to
resolve it WITHOUT adding new software/hardware?
I think I need to create a kind of PCI Security Devices Zone isolated
from the network but not sure if that works for PCI Auditor.
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
During a PCI Audit the Auditor told us that all the Security Devices
protecting Cardholder Data are also part of PCI Scope, which makes
sense for IDS/IPS, FW, AD, so on but what about a Log Management tool?
This means that my Log Management Centralized Server solution which is
getting logs not just for PCI assets but for the whole network ... is
gonna be in scope?
if so? This means all 300 security devices sending the logs (Servers,
WStations, Data Bases, AV) to the Centralized server are in scope Too?
if so?
Then, obviously I need to find a way to isolate & split the Log
Management Server from the whole network to only monitor PCI assets
but that entails to buy a new costly license to have another
Centralized log server, which is not doable for us.
Have you ever had the same problem? so that you can share the way to
resolve it WITHOUT adding new software/hardware?
I think I need to create a kind of PCI Security Devices Zone isolated
from the network but not sure if that works for PCI Auditor.
Please share your ideas.
--
Danux
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]