The "Designing a PCI-Compliant Log Monitoring System" paper is incredibly naive, since the author thinks "logging in PCI = Requirement 10." Read this instead and learn that logging is actually present (or implied!) in ALL 12 of the PCI DSS Requirements.
2 comments:
Anton, what about the PCI Answers blog? We talk about audit logging:
http://pcianswers.com/2006/07/31/track-and-monitor-all-access-to-network-resources-and-cardholder-data/
http://www.insecuremagazine.com/INSECURE-Mag-8.pdf
Thanks for the link to this insightful post! Really good stuff.