PCI. And according to our auditor, 3.0 is going to be even stricter. We aren't the only business unit in the company that has a ROC, so luckily we were given a blueprint. From there we could pick and choose what we needed to fit our environment regarding the requirements like FIM, IDS/IPS, SIEM, etc. I agree it would be easy to get carried away with what's needed to be compliant, resulting in overkill. A great deal of research goes into trying to find the right solution that will be best tailored to our environment. Luckily, though, we haven't had to re-invent the wheel.