"Designing a PCI-Compliant Log Monitoring System" paper is incredibly naive, since the author thinks "logging in PCI = Requirement 10." Read this instead and learn that logging is actually present (or implied!) in ALL 12 of the PCI DSS Requirements.
Anton, what about the PCI Answers blog? We talk about audit logging:
http://pcianswers.com/2006/07/31/track-and-monitor-all-access-to-network-resources-and-cardholder-data/
http://www.insecuremagazine.com/INSECURE-Mag-8.pdf
Thanks for the link to this insightful post! Really good stuff.