What is PCI Requirement 10.7 and What is an Audit Trail History?

by Randy Bartels / April 12, 2023

 PCI Compliance and Audit Trail History Now that you’ve implemented logging, what do you to them? PCI Requirement 10.7 asks that you retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. A year is the recommended length of time because it may take a few months to notice a compromise. A year’s worth of audit trail history can be…

PCI Requirement 10.2.4 – Invalid Logical Access Attempts

by Randy Bartels / May 31, 2023

 Is There a Log of That? Invalid logical access attempts are often an indication of a malicious user attempting to access something they don’t have permission to. This is why PCI Requirement 10.2.4 requires that organizations implement automated audit trails to reconstruct invalid logical access attempts. Misspell your password? There should be a log of that. Someone tries to view a file that they don’t have permission to? There…

PCI Requirement 10 – Track and Monitor all Access to Network Resources and Cardholder Data

by Randy Bartels / May 31, 2023

 Importance of Logging and Tracking If data was compromised at your organization, how would you determine the cause? PCI Requirement 10 focuses on a critical aspect of data protection: logging and tracking. Implementing logging mechanisms at your organization gives you the ability to track user activities, which is crucial in preventing, detecting, and minimizing the consequences of a data breach. Without logging and tracking, it’s even more difficult to…

Cloud Security: Business Continuity and Disaster Recovery Planning

by Sarah Harvey / July 12, 2023

Myths about the Cloud and BC/DR Plans When it comes to Business Continuity and Disaster Recovery Plans for cloud environments, we often hear this feedback: “I’m in the cloud so I don’t have to worry about Business Continuity and Disaster Recovery Plans because my cloud provider does those for me.” “We don’t need to test our Business Continuity and Disaster Recovery Plans, we’ve thought it all through.” “Our cloud service…

Auditor Insights: Day-to-Day Operations of Internal Audit

by Joseph Kirkpatrick / June 13, 2023

Internal audit provides a level of monitoring which is generally not available when working with a third-party auditor. If you’re going on a long road trip, how likely are you to hop in the car and start driving? You’re not – most people will take the car to the shop for an oil change and overall inspection. If the road trip is the audit engagement, the practice of taking the…