Excerpt from:  IT Compliance
February 14, 2008

Database Audit for PCI Compliance

Ensure that you have a secure database audit solution for your PCI compliance requirements

Do you have a database audit solution for your PCI compliance requirements? You should, because PCI DSS section 10 mandates tracking access to all cardholder data. Cardholder data is often stored in a database in encrypted form, so it is critical to monitor and audit that database.

This is an often-overlooked area of compliance: the notorious TJ Maxx breach involved hackers gaining unauthorized (and undetected) access to the cardholder data in the database. Solidcore S3 Control has excellent database monitoring capabilities that can alert organizations to suspicious activity and prevent such data breaches.

Key Advantages of S3 Control Database Monitoring for PCI Compliance

  • Tracks all activity, not just changes – S3 Control can track database activity such as logons, logoffs and unsuccessful logon attempts, user and role creation, privilege grants, schema changes, access to sensitive data and changes to the records in a table. Each audit record includes the database username, event type, exact time of the event, result of the action, the remote hostname and the database instance or object that was affected.
  • Ease of deployment – S3 Control offers a uniform, easy-to-use web-based interface to configure auditing options on all your databases and removes the chore of writing and maintaining platform-specific database scripts.
  • Wide platform coverage – S3 Control can track changes on Oracle, DB2, SQL Server and Sybase running on a variety of OS platforms.

by
Raj Rajamani, Product Marketing
Raj@solidcore.com

