“However, you need a more clear concept of "expensive"...”
Depends on your budget/revenue, but then again, if you’re a level 1 merchant you need to make the most stringent efforts, if you’re down at level 4 as a small business with transaction volume towards the bottom of the chart, there can be many ‘compensating’ controls and mitigating factors that allow less spendy options as reasonable effort. Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: [email protected] [mailto:[email protected]] Sent: Thursday, May 19, 2011 7:37 AM To: NT System Admin Issues Subject: Re: Question on PCI compliance I'll be watching this thread because we're in a similar situation. However, you need a more clear concept of "expensive"... Tripwire may cost a lot of money. Fines, higher processing fees, or being denied the right to accept credit card payements - now THAT's expensive! -- richard Greg Olson <[email protected]> 05/18/2011 04:01 PM Please respond to "NT System Admin Issues" <[email protected]> To "NT System Admin Issues" <[email protected]> Press this button if the "To" is a fax number. Enter in the fax number like 123-456-7890. cc Subject Question on PCI compliance Hi all, I have a quick question on pci compliance and how you guys\gals are handling it for servers you have that take credit card data? We have a small amount of servers that basically host the web code to take cc info and its then passed on directly to the processor. Nothing stays on the server at any time, but we would like to be able to pass a pci audit on these servers which requires that we have "automated" software that monitors and detects changes in the log files, and software that monitors key files (windows directories, and our app directories) for any changes and sends out an alert. We're looking at Tripwire product, but they seem pretty expensive for the small amount of servers we're talking about. Any thoughts? Thanks in advance. -Greg ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
