Role of SOC in PCI DSS
What is PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. . This is achieved through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. It is intended to protect sensitive cardholder data. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express.
PCI DSS compliance is a must for all businesses that creates, process and store sensitive digital information. To ensure the protection of businesses and their customers, the Payment Card Industry Security Standards Council publishes a checklist of security requirements for companies that engage in credit card transactions.
12 Step PCI DSS Requirements Checklist
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Protect all systems against malware and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business justification (i.e., “need to know”).
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
Role Of SOC in PCI DSS
A SOC can monitor the firewall, its logs and configuration changes if any and follow through in case of any anomalies. This will increase the speed of incident remediation if any. A SOC can examine the firewall configuration standards and verify router configuration standards through a documented list of all services, protocols and ports.
The Organization should ensure that they do not use the vendor-supplied passwords and account names initially provided to them. Passwords should be made complex so that it is difficult to guess. A SOC can monitor the configuration changes for critical infrastructure. This can include an active directory, LDAP, databases etc. The SOC incident response team will immediately notify the organization in case of such changes.
A cardholder’s data is something very important that needs to be protected at all times. It is better to encrypt such data for quicker compliance .A SOC team can monitor important locations where organisations store such sensitive information and can notify the users in case of attacks or data leaks.
An encrypt transmission of cardholder data across open, public networks is something that requires intense security. The transmission must be in such a way that there should not be any man in the middle attack, whereby the valuable credit card information could be lost or sold in the dark web. A SOC monitoring for all sorts of attacks. A SOC team can correlate all the information it attains during monitoring to identify if there are any data leaks or attacks.
The PCI will recommend an organization to use an anti-virus program and update it regularly. A SOC can examine anti-virus configurations, master installation of the software and sample of system components to verify the effectiveness of anti-virus software. Monitoring the anti-virus log files will provide information about any malware or suspicious activity within the network.
The Organization must develop and maintain secure sytems and applications. They require proper logging or monitoring tools to ensure proper security. This can be done by SOC whereby they can perform external vulnerability scans and application log monitoring and they can correlate these information to find out any malicious activity within the organisation.
PCI recommends organisations to have a restriction on who all can access sensitive credit card information. The Organization should have identity management tools for this purpose. SOC’s can monitor user logon activity through integrations with the active directory. This will give a clear picture into who all are doing what and where within the network.
The organization identity management should ensure that a unique ID should be assigned to each person with computer access. A SOC can will monitor user behaviour based on this identifiers and can correlate information with both human and machine intelligence to identify the users within the network.
Organizations should restrict physical access to locations storing cardholder data. The SOC can correlate data from network access, physical access obtained as log and can identify if there is any unauthorised entry into such locations.
The Organization should continuously track and monitor all access to network and cardholder data. A SOC team does log management and SIEM for auditing and forensics. The 24*7 security monitoring tracks all the security events and threats can ensure that a cardholder information is protected.
PCI recommends organization to regularly test security systems and processes to ensure that everything is working properly. The SOC team can help in this by performing vulnerability scans, intrusion detection and continuous security monitoring.
The organization should maintain a policy that addresses information security for all personnel. The best way to do this is by creating an incident response team. They will provide incident response and even security training for users to make them aware of the all the possible security threats.