GPG13 Compliance: More Than Log Collection and Monitoring

Ed Hamilton
There is widespread belief that GPG13 compliance can be met by simply logging and monitoring log files. Yet Protective Monitoring Control (PMC) 4 requires a GPG13 solution to detect change and determine its impact upon security. Is it practical to accomplish this with logs alone? CLAS Consultant, Ed Hamilton of Analysys Mason discusses this key topic.
Dec 7 2011
43 mins
GPG13 Compliance: More Than Log Collection and Monitoring
Join us for this summit:
More from this community:

IT Governance, Risk and Compliance

Webinars and videos

  • Live and recorded (2865)
  • Upcoming (85)
  • Date
  • Rating
  • Views
  • Join us for this live webinar where we will walk through a real-world example in which FireEye Managed Defense analysts utilized the FireEye Platform’s MVX virtual machine technology and endpoint response capabilities to identify, alert, and remediate an active Advanced Persistent Threat (APT) attack.

    In this case study we will cover:

    • How the attacker executed a “smash-and-grab” attack aimed at stealing intellectual property.
    • How FireEye detected the attack as it was beginning and re-secured the network and prevented sensitive data from leaving the client’s networks.
    • Best practices for investigating and responding to similar attacks.
  • Today most companies are witnessing an explosion in the amount of data that they store. According to recent estimates, large databases grow by 65% year over year and 85% of the data contained in these large databases is inactive. This often out-of-control data growth stems from a variety of sources and can have a negative impact on application performance, database management tasks, and overall total costs.

    During this webinar, learn how you can improve application performance while simplifying IT for Oracle applications with Informatica Smart Partitioning and Oracle ZS3 storage appliance.

    In this event, we will share how the combination of Oracle Tiered Storage and Informatica Data Archive Smart Partitioning:
    Reduces the cost of data by enabling storage tiering and compression of referentially intact data partitions
    Improves application performance up to a factor of 6X or more by automatically optimizing datasets for user requests
    Eliminates complex archiving strategies and provides full and rapid access to archived data from the native Oracle Application
  • Encryption, and cryptography in general, has been thrust into the spotlight as a critical technology for combating surveillance, data breaches, insider threats, and more. But encryption is no silver bullet, and the quality of its implementation is the major determining factor in the protection it actually provides. Join us on Thursday April 24 to learn about:
    •Five ways you can measure the quality, or trust level, your crypto systems provide
    •Effective strategies for dealing with the key management pain many organizations are starting to feel as they increase their deployment of cryptography
    •Use cases for strong cryptography and trusted key management with hardware security modules (HSMs)
  • Protiviti's IT Priorities Survey results reveal 2/3 companies are going through a major IT transformation in 2014. Join Protiviti's IT Consulting managing directors to discuss why.
  • Security professionals are increasingly realizing that protecting executives and corporate assets requires more than just “guns and guards.” It requires a proactive strategy to identify and prevent a threat, rather than reacting to one. So how can security professionals be proactive and minimize the threats that originate from the Internet?

    In this webcast we’ll look at how you can use an individual’s online “footprint” to identify potential threats and develop a more effective security plan. We’ll also present a case study of one of our own executives and show why online threat intelligence is not the same as news alerts or monitoring social media for brand buzz.
  • Today's organizations are moving more interactions online through web, mobile and API-enabled web services to empower their customers and increase revenue. Managing the high volume of customer identities and enabling secure interactions across a set of web, mobile and hybrid apps, from a variety of different devices can be challenging.
    On April 24th at 1pm ET, please join David Gormley, Director, Security Solutions for CA Technologies, to learn how you can securely accelerate the delivery of new applications and services, while improving the customer experience across multiple channels of interaction.
  • Presented by the experts with the facts.

    The Inside Story of the Discovery, the Timeline and Solutions to Protect Your Organization. Finally, All of Your Questions Answered.

    Join the conversation and get the latest Heartbleed updates by following @CodenomiconLTD
  • Everyday consumers assume that when making a purchase, online or in-store, their card data is handed off to a trusted source, with security in place to protect them. However protecting these transactions and the retail payment ecosystem has become increasingly complex, with recent data breaches of large retailers testament to the vulnerabilities.

    In addition, compliance with PCI DSS fails to address some of these vulnerabilities resulting in potential exploitation with disastrous consequences. To address these security gaps the scope of security needs extending from the merchant, acquirer, switch and bank or card issuers to include the manufacturers of payment terminals at the point of sale and developers of payment application software.

    Join your fellow professionals to understand how by using Point-to-Point Encryption, card data is encrypted from the earliest possible moment of its capture, and ensures that data remains in an encrypted state consistently until it arrives at the payment gateway.

    Then understand why many merchants are considering P2PE not only to secure vulnerabilities, but also because it can effectively remove some of the merchant’s own security infrastructures from the scope of compliance with regulations such as PCI DSS. Lastly understand why encryption is only as secure as the encryption keys as when cryptography is used to protect valued data, the risk is transferred from the data to the keys.
  • Everyday consumers assume that when making a purchase, online or in-store, their card data is handed off to a trusted source, with security in place to protect them. However protecting these transactions and the retail payment ecosystem has become increasingly complex, with recent data breaches of large retailers testament to the vulnerabilities.

    In addition, compliance with PCI DSS fails to address some of these vulnerabilities resulting in potential exploitation with disastrous consequences. To address these security gaps the scope of security needs extending from the merchant, acquirer, switch and bank or card issuers to include the manufacturers of payment terminals at the point of sale and developers of payment application software.

    Join your fellow professionals to understand how by using Point-to-Point Encryption, card data is encrypted from the earliest possible moment of its capture, and ensures that data remains in an encrypted state consistently until it arrives at the payment gateway.

    Then understand why many merchants are considering P2PE not only to secure vulnerabilities, but also because it can effectively remove some of the merchant’s own security infrastructures from the scope of compliance with regulations such as PCI DSS. Lastly understand why encryption is only as secure as the encryption keys as when cryptography is used to protect valued data, the risk is transferred from the data to the keys.
  • Email Gateway 7.6 including advanced threat defense, hybrid cloud setup and ”ClickProtect” spear phishing protection.
  • Channel
  • Channel profile
Up Down
  • Insider Threat Kill Chain: Detecting Human Indicators of Compromise May 8 2014 6:00 pm UTC 60 mins
    In this webinar we will:

    • Discuss how human resources, legal and IT can work together to help prevent insider threats before they become a problem.
    • Identify risk indicators with employee attitudes and behavior and how it correlates to their patterns of activity on your network.
    • Show how you can use log intelligence and security analytics to automate actions and alerts and rapid reporting and forensics.
  • Heartbleed Outpatient Care: Steps for Secure Business Recovery Recorded: Apr 17 2014 57 mins
    In this webcast we will show:
    1. The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
    2. How you can identify your business exposure and what systems are vulnerable
    3. How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed
  • AAA: Getting Roadside Assistance from Tripwire Recorded: Apr 2 2014 56 mins
    Tim Masey, Director of Enterprise Information Security at AAA, will share his company’s PCI journey.
    In this Q&A-style webcast you will learn:
    •How to move your PCI efforts from a small tactical implementation to a key critical component of your security posture.
    •How to align your compliance efforts with the needs of the business, which will allow you to gain more resources—financial, human and technical.
    •How to utilize security and policy driven dashboards to get your management’s support.
  • How to Restore Trust After a Breach – Middle East Recorded: Mar 13 2014 39 mins
    Jason Clark, CISSP, Tripwire Technical Manager (Middle East), will be sharing how to achieve trust after a data breach in this UK focused webcast, which will cover crucial questions such as:
    •Which systems can be trusted?
    •What is the extent of the compromise?
    •How quickly can you attain situational awareness?
    Jason will also provide participants with a practical, five-step approach to restore trust in your critical systems after a data breach. Register today to join us for this informative webcast.
  • How to Restore Trust After a Breach – DACH Recorded: Mar 5 2014 52 mins
    Tripwire’s Senior Pre-Sales Consultant, Michael Rohse (DACH), will be sharing how to achieve trust after a data breach in this UK focused webcast, which will cover crucial questions such as:
    •Which systems can be trusted?
    •What is the extent of the compromise?
    •How quickly can you attain situational awareness?
    Michael will also provide participants with a practical, five-step approach to restore trust in your critical systems after a data breach. Register today to join us for this informative webcast.
  • How to Restore Trust After a Breach - UK Recorded: Mar 4 2014 57 mins
    In this webcast, Joel Barnes, UK Senior Systems Engineer, will share how best to achieve trust after a data breach. He’ll cover crucial questions, such as: Which systems can be trusted? What is the extent of the compromise? How quickly can you attain situational awareness? He will also provide participants with an approach to restore trust in your critical systems after a data breach, following five steps:
    1.Know what you have and prioritize by risk levels
    2.Define what “good” looks like
    3.Harvest system state information from your production systems
    4.Perform a reference node variance analysis to identify compromised systems
    5.Remove suspect systems from the environment and return to a trustworthy state
    Join us for this informative webcast!
  • How to Restore Trust After a Breach Recorded: Feb 12 2014 56 mins
    In this webcast, Dwayne Melancon, Tripwire’s Chief Technology Officer, will share how best to achieve trust after a data breach. He’ll cover crucial questions, such as: Which systems can be trusted? What is the extent of the compromise? How quickly can you attain situational awareness? He will also provide participants with an approach to restore trust in your critical systems after a data breach, following five steps:
    1.Know what you have and prioritize by risk levels
    2.Define what “good” looks like
    3.Harvest system state information from your production systems
    4.Perform a reference node variance analysis to identify compromised systems
    5.Remove suspect systems from the environment and return to a trustworthy state
    Join us for this informative webcast!
  • Preparing for PCI DSS v3.0: Advice from the QSA Recorded: Jan 22 2014 57 mins
    As a former QSA and currently a security analyst at The 451 Research, Adrian Sanabria will share a frank viewpoint of how the new version of Payment Card Industry standard will affect your organization.

    Join us for this webcast and you will:

    •Obtain the point of view from the QSA
    •Learn how PCI DSS 3.0 may affect your Report on Compliance
    •Understand the job of a QSA and the qualities of a good QSA
    •Learn how Tripwire solutions can make the job of the QSA and the PCI audit process easier
  • Vulnerability Voodoo: The Convergence of Foundational Security Controls Recorded: Dec 17 2013 60 mins
    Charles Kolodgy, Research Vice President for IDC's Security Products service, and Edward Smith, Product Marketing Manager at Tripwire, will discuss:

    •Integrating Vulnerability Management with other security controls to improve compliance and security posture
    •Leveraging Vulnerability Management beyond the server room to reduce risk across the entire enterprise
    •Combining business intelligence from Vulnerability Management with other security controls to make better business decisions
  • PCI DSS 3.0: Don't Shortchange Your PCI Readiness Recorded: Dec 16 2013 60 mins
    Join Jeff Hall, CISSP, CISM, CGEIT, PCI-QSA, PCIP and Senior Security Consultant at FishNet Security and Steve Hall, Director of PCI Solutions at Tripwire, to learn how PCI DSS 3.0 will impact your organization and what you need to do:
    • Understanding key themes for PCI DSS 3.0
    • Making sense of the new requirements, guidance, and clarifications
    • What’s changed, what hasn’t, and what will affect merchants and services providers the most
    • Key considerations to ensure you don’t shortchange your audit preparations
  • Reducing Risk Through Effective Vulnerability Management Recorded: Dec 16 2013 33 mins
    Gavin Millard, Tripwire's EMEA Technical Director, will discuss why effective vulnerability management is critical to measuring, managing and reducing your attack surface and how to gain insight from the information Tripwire can provide.
    Topics covered will include
    • Why asset discovery is fundamental to understanding the size and scope of your extended infrastructure
    • How to gain full visibility into where the most vulnerable areas of the infrastructure reside through Tripwire’s market leading scoring approach
    • How to prioritise the hosts within the infrastructure to quickly reduce the risk and gain control of your attack surface
    • What reporting works with management to connect the value of vulnerability management to the business goals of the organisation
  • 2014 IT Security Budget Mistakes to Avoid Recorded: Nov 6 2013 56 mins
    Often during budget cycles, we’re handed a number – no choice or negotiation – this is just all you get. This year however, there are some positive trends in security budget research from Gartner, IDC, Ponemon, and CEB.

    This webcast will show you how to maximize your leverage of increased security spending, list the top three security budget mistakes and offer ideas that may help connect security to your organization’s bottom line.

    Tune in to hear:
    • Positive security budget trends and how to use them to increase your 2014 budget
    • Technology trends and their impact on your security budget
    • Budget presentation ideas for the C-Suite
  • Avoiding Vulnerability Info Overload: How to Prioritize and Respond to Risk Recorded: Oct 16 2013 32 mins
    Lamar Bailey, Tripwire's Director of the Vulnerability & Exposure Research team will provide you with a better understanding of:
    - Why is the Tripwire Vulnerability scoring so granular?
    - How do we arrive at those scores and why not just use CVSS?
    - What do you mean by business context of measuring risk?
    - How will it help us be more efficient managing risk?
  • Using the SANS Top 4 Controls to Measure and Reduce your Attack Surface Recorded: Oct 4 2013 36 mins
    Please accept our apologies for the technical difficulties encountered with this webinar on Monday. This is now due to take place on Friday 4th October.

    This hour-long webinar, hosted by Gavin Millard, Tripwire's EMEA Technical Director, will discuss:
    • Using the SANS critical controls to understand and reduce your infrastructures attack surface
    • Profiles of the current ‘threat actors’ and how the 20 CSC can help thwart the most common threats
    • How to measure the effectiveness of controls through metrics to ensure success and investment from the business
  • Strategic Vulnerability Management: Go Beyond Scanning Recorded: Sep 23 2013 55 mins
    Join Rick Holland, Forrester Senior Analyst, and Edward Smith, Product Marketing Manager at Tripwire, to learn how to go beyond scanning to a strategic vulnerability management program.
    In this webcast you’ll learn how a strategic VM program can help you:
    • Go from counting vulnerabilities to accurately measuring, managing, and communicating risk.
    • Understand and classify the assets and vulnerabilities in your environment
    • Triage remediation efforts for more efficient operations

    We hope you will join us.
  • CyberSecurity Awareness and the SANS 20 CSCs Recorded: Sep 12 2013 62 mins
    Join us for this conversational webinar featuring Jane Holl Lute, the new CEO of the Council on Cybersecurity, as she shares her thoughts on the rapidly evolving world of cybersecurity.

    In this webinar, you will learn:
    * How the Council on CyberSecurity will be influencing cybersecurity, the SANS 20 CSC, and how it may affect your organization
    *Suggestions from Jane's experience on threat actors
    *Value your organization may gain from upcoming activities and events involving Council on CyberSecurity
  • TLC 7.0: Creating Confidence through Improved Log Intelligence Recorded: Aug 26 2013 40 mins
    As Security Management solutions evolve to address today’s environment of complex security threats, the need for a log intelligence layer has emerged to provide high speed analysis and filtering of log and event data.

    In this webcast, Steve Hall, Director, Product & Solution Marketing at Tripwire, discusses what’s new with Tripwire Log Center: including the new Advanced Log Collector VIA Agent and the integration of iP360, which intelligently protects critical infrastructure with the correlation of SANS top four security controls.
  • How to Communicate Security Imperatives to the Business Recorded: Aug 7 2013 59 mins
    Global IT executive Jitender Arora and Dwayne Melancon, Tripwire’s CTO, will demonstrate the pitfalls and offer tips and tricks for communicating security initiatives with executives and non-financial stakeholders.
    In this webcast, you will learn how to:
    o Effectively communicate with non-technical executives
    o Align security initiatives with the goals of the business
    o Prioritize security controls according to protect what's most important in your organizations
    o Continuously measure progress and tie results back to the business objectives
    Join us for this informative—and entertaining—webcast!
  • I Didn't Know Tripwire Owned That! Recorded: Jun 25 2013 45 mins
    Join Bryce Schroeder,Systems Engineer Director of Tripwire, to get an overview of the technology Tripwire recently acquired through the purchase of nCircle.

    Hear why hardware and software discovery is the foundational control to understanding your attack surface and how nCircle's market leading Vulnerability management solutions can help reduce the risk of breach within your infrastructure.

    This 30 minute presentation will include an overview of the extended product portfolio, key advantages to the technology and why the nCircle acquisition complements Tripwire’s portfolio.
  • I Didn't Know Tripwire Owned That! Recorded: Jun 18 2013 38 mins
    Join Gavin Millard, EMEA Technical Systems Director of Tripwire, to get an overview of the technology Tripwire recently acquired through the purchase of nCircle.

    Hear why hardware and software discovery is the foundational control to understanding your attack surface and how nCircle's market leading Vulnerability management solutions can help reduce the risk of breach within your infrastructure.

    This 30 minute presentation will include an overview of the extended product portfolio, key advantages to the technology and why the nCircle acquisition complements Tripwire’s portfolio.
Leading Provider of IT Security and Compliance Automation Solutions
Tripwire’s powerful IT security and compliance automation solutions help businesses and government agencies take control of their IT infrastructure.
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: GPG13 Compliance: More Than Log Collection and Monitoring
  • Live at: Dec 7 2011 11:00 am
  • Presented by: Ed Hamilton
  • From:
Your email has been sent.
or close
You must be logged in to email this