Thursday, August 30, 2007

OMG, How Naive!

"Designing a PCI-Compliant Log Monitoring System" paper is incredibly naive, since the author thinks "logging in PCI = Requirement 10." Read this instead and learn that logging is actually present (or implied!) in ALL 12 of the PCI DSS Requirements.


Anonymous said...

Anton, what about the PCI Answers blog? We talk about audit logging:

Anton Chuvakin said...

Thanks for the link to this insightful post! Really good stuff.

Dr Anton Chuvakin