Title: File Integrity Monitoring- A Component in PCI Compliance Software
1File Integrity Monitoring
A Critical Component in
PCI Compliance Software
PROMISEC
www.promisec.com
2The capability of any security information
program is measured by its ability to quickly
detect and fix data breaches.
Lets us discuss the File integrity
monitoring (FIM), an important part of payment
card Industrys data Security standard compliance-
www.promisec.com
PROMISEC
3Understanding the threats
The threats in the cyber world can be broadly
categorized into outside and inside threats. The
Inside threats can be malicious or non-malicious.
The latter includes an involuntary exposure of
the data resulting from poor judgment and
mistakes. The malicious threats include the
intended exposure carried out to avail the
financial gains. These can result in the serious
damage and must be dealt with precautionary
measures.
PROMISEC
www.promisec.com
4Attacks by the hackers
In the recent past, most cyber attacks of drastic
nature are carried out by the hackers
systematically and potently. The breach at
Heartland Payment Systems, the Stuxnet Worm
breach and the breach of Irans nuclear
centrifuges are a few examples of such drastic
breaches that resulted in the loss of millions.
PROMISEC
www.promisec.com
5Functions of File Integrity Monitoring
The FIM is highly functional at detecting any
alterations and unauthorized access to system
files. It performs the following functions-
It curtails the risk of breaches being conducted
by insiders or expert users.
It keeps the system stable by deterring the
changes in system configuration by unauthorized
and unplanned moves.
It helps to enhance the performance of the system
by checking the changes implemented outside the
managed environment
It helps to prevent Compliance Failure by
carefully accessing the sensitive data and
demonstrating due care.
PROMISEC
www.promisec.com
6Role of File Integrity Monitoring in PCI
Compliance Software
The Role of FIM is not only limited to preventing
data breaches. It is also an imperative part of
the PCI Compliance Software. The payment card
companies such as MasterCard, Visa, American
Express and Discover deal with the sensitive
information pertaining to their customers. The
businesses who manage the data security standard
for these companies mentions FIM in their PCI DSS
requirements. These requirements are basically a
set of controls developed by the Payment card
industry, which all businesses need to implement.
www.promisec.com
PROMISEC
7Use of File Integrity Monitoring in Cyber
Security
Role of FIM is to allow system administrators,
managers and security professionals to look into
the files and directories that change over the
time. It basically validates the integrity of
files of application softwares and operating
system with the help of a verification technique.
PROMISEC
www.promisec.com
8CONTACT US
Support_at_promisec.com
www.promisec.com
_at_Promisec_IT