This is the 16th post in the long series that is nearing the end (part 1, part 2, part 3 – all parts). A few tips on how you can use it in your organization can be found in Part 1. You can also retain me to customize or adapt it to your needs.
And so we continue with our Complete PCI DSS Log Review Procedures (please consider reading from Part 1 – at this stage we are deep in the details and these sections might seem out of context without reading earlier parts):
Management Reporting

In addition to serving as compliance evidence, validation activities can be used to report the success of a log management program, processes and procedures to senior management. The data accumulated in the above sections as proof of organization-wide PCI DSS compliance can also be used for management reporting. Specifically, the following are useful reports that can be produced from the data:
- Presence and adequacy of logging
  - Percentage of all systems / regulated data systems covered by logging (the latter should be 100%)
- Presence of defined log review processes and their implementation
  - Log policy and procedure changes
  - Applications under log review
  - Log entries reviewed
- Exception handling process and its implementation
  - Log exceptions handled by type, analyst name, etc.
  - Exceptions escalated to incident response
  - (if relevant) Risk reduced due to timely escalation or incident prevention
  - Resources saved due to timely escalation or incident prevention
  - Application performance improvement due to log review
- Other log management program reporting
  - Overall compliance readiness (PCI DSS and other)
Finally, let’s summarize all periodic operational tasks the organization should be executing in connection with log review.
To be continued.
Follow PCI_Log_Review to see all posts.