Companies that have the tools to ensure continuous monitoring, identify, report and investigate audit trails and conduct risk analytics are taking the right steps to protect critical data,
· Data cleanup: Detect and remediate rogue accounts and grants · Access control policies: Define policies and procedures and ensure that they apply to applications and the data center. · Access control processes: Review accounts and privileges and discover who has been given approval to access sensitive information or conduct certain business processes. · Physical security: Investigate and determine the company's access badge procedures. Integrate the procedures into the overall security guidelines. · PassWord management: Identify the current passWord procedures and possibly deploy a single sign-on technology. · Risk-based adaptive authentication: Two-factor authentication should be in place · Audit trails: By collecting and keeping accurate audit trails, companies gain a big benefit by allowing an investigator the ability to capture a point-in-time snapshot of system activity. the source of suspected fraudulent activity. · Reports: By keeping reports of system logs and reviewing those logs, companies can reduce risk to acceptable levels · Attestation: Much like the attestation used to comply with the Sarbanes Oxley Act, attestation is used to meet PCI access control standards by forcing a periodic review of user access rights information. = =
Source: searchsecurity.techtarget
Copyright © 2026 eLLeNow.com All Rights Reserved.
