Friday, April 04, 2008

Rebecca Herold on PCI and Logging

Rebecca Herold is doing some fun - if a bit lightweight - writing on PCI and logging. She also touches on using logs to deal with insiders. My ego is telling me to be upset since she doesn't mention either a "PCI Compliance" book (free chapter on logging for PCI is here) or any of my other related writing, but I will survive it :-)

However, she makes one snafu that makes me cringe (and also think negative thoughts :-) about this whole thing): she mentioned a "PCI-compliant log management system." This is clearly an absurd concept: PCI DSS does not certify log management systems as "PCI-compliant." She also quotes others a bit too much for my taste...

In any case, check it out here.

Dr Anton Chuvakin