Date Added: Oct 2012
As organizations struggle to pass compliance audits, they often overlook the true intent of the requirements spelled out in those regulations or standards. Lately, this has been the case for the requirement for file integrity monitoring, or FIM. Most organizations use FIM simply to check the checkbox, particularly for PCI requirement 11.5. But most complain that file integrity monitoring is no longer useful - that it just creates noise by capturing change data without providing any insights into whether a given change is good or bad. In this paper, we discuss: What FIM is and its origins, Why the reputation of FIM has become tarnished, Confusion around the intent of FIM in PCI, and The capabilities a true FIM solution must have to protect data and improve security.