On Common Ground: The Overlap of PCI DSS and Data Protection

On Common Ground:

The Overlap of

PCI DSS

& Data Protection

Expanding attack surface

More frequent & costly attacks

Increasing risk of breach

Expanding and evolving compliance

demands

Cost of being secure and compliant

is too high and labor intensiveIs there commonality across standards?

If I’m PCI DSS compliant, Am I Secure?

How does Data Protection relate to PCI?

Can I meet my security objectives?

4

3

2

1

1

1

2

1

2

•

•

•

•

•

•

•

3

PCI

DSS

Best

PracticesInternal

Policy

ISO

27001

events

even

ts

events

3

Desir

ed S

tate

No Visibility

Drifting

High-risk

Temporary Success

Time

Assess & Achieve

Maintain

Non-stop monitoring & collection

Dynamic analysis to find suspicious activities

Alert on impact to policy

Remediate options to speed remedy

Desir

ed S

tate

Time

4

VISIBILITY

Across the entire

IT infrastructure

INTELLIGENCE

Enable better,

faster decisions

AUTOMATION

Reduce

manual, repetitive

tasks

Tripwire VIA

Logging turned off

New user added

DLL modified by new user

FTP enabled

Login successful

FTP event to foreign IP

10 failed logins

5 failed logins

Logging turned off

Host not generating events

Windows event log cleared

Login successful

Policy test fails

Answers To Your Two Essential Questions

AM I SECURE? AM I COMPLIANT?

Raw Log Data

Events of Interest!

change event

log event

VISIBILITY

Across the entire

IT infrastructure

INTELLIGENCE

Enable better,

faster decisions

AUTOMATION

Reduce manual,

repetitive tasks

Tripwire VIA

Tripwire is a leading global provider of

IT security and compliance automation

solutions that enable organizations to protect,

control and audit their entire IT infrastructure

Change, Breaches, Audits

and Outages Happen. TAKE CONTROL.