20 E-commerce Security Best Practices including: “14 – Have emphasis on detective controls. A layered monitoring program is necessary to detect attacks and provide forensic information for incident response. If an incident occurs, the goal should be to detect it early on and limit further data compromise. Imagine the damage if an incident goes undetected for months or a year. Detective controls include centralized audit logs, log monitoring, file integrity monitoring and intrusion detection software.”

Link to Resource: E-Commerce Payment Card Security [PDF]

Source: Gideon T. Rasmussen, Bank of America

SIM Resource Guide Section: Security Information Management Best Practices