PCI Requirement 12.10.4 – Provide Appropriate Training to Staff with Security Breach Responsibilities
PCI Requirement 12.10.4 requires that your organization provides appropriate training to staff with security breach response responsibilities.
If you are not happy with the results below please do another search
PCI Requirement 12.10.4 requires that your organization provides appropriate training to staff with security breach response responsibilities.
To ensure that critical system clocks and time are consistent and correct, PCI Requirement 10.4.3 requires that time settings are received from industry-accepted time sources. This could be from something like the U.S. Navy, NASA, Google, or other organizations who use GPS for time synchronizations.
PCI Requirement 10.4.2 requires that through time-synchronization technology, time data is protected. Organizations must implement controls to protect time data from unauthorized access or modification. Why? Malicious attackers may seek to modify time data to hide what actions they’ve taken over a period of time.
PCI Requirement 10.4.1 requires that critical systems have the correct and consistent time so that chronological events can be recreated. Without proper and consistent synchronization, it’s almost impossible to compare logs to systems and determine an exact sequence of events. Compliance with PCI Requirement 10.4.1 is crucial during incident response.
Remember how PCI Requirement 10.3 requires that date and time of events are captured in log entries? PCI Requirement 10.4 dives into time management and what is required of that date and time. It requires that organizations should use time-synchronization technology to synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time: