Someone to Monitor and Analyze Security Alerts
In PCI Requirement 10, we discussed a critical aspect of data protection: logging and tracking. Implementing logging mechanisms at your organization gives you the ability to track user activities, which is crucial in preventing, detecting, and minimizing the consequences of a data breach. Without logging and tracking, it’s almost impossible to find the source of the data breach or compromise. In PCI Requirement 12.5.2, we take this a step further; it’s not sufficient just to have logging and alert systems in place. PCI Requirement 12.5.2 asks you to establish a role to monitor and analyze security alerts and information, and distribute appropriate personnel.
For this role, it’s important that organizations develop transition and/or succession plans to avoid potential gaps in this security assignment, which could result in responsibilities not being assigned and therefore not performed.
Back in PCI Requirement 10, we talked about having all the logging and log review programs established. PCI Requirement 12.5.2 establishes the need to define the roles and responsibilities and assign someone to manage and monitor the log review and all those other things. Once again, it’s not sufficient to just have a logging program, somebody needs to actually mange that and be actively part of that program.