Posts Tagged ‘QSA’

Striving For PCI DSS Log Management Compliance Also Helps To Identify Attacks From The Outside

Wednesday, April 9th, 2008

The second paper in my series on PCI DSS log management compliance, “Using PCI DSS Compliant Log Management To Identify Attacks From The Outside,” is now available.
And, as I’ve been blogging about over the past few days, log management is about much more than systems; it is about the entire management process, and the need to have policies and procedures and to address the ways in which personnel review the logs and know how to interpret them.


One Word Makes A World Of Difference…To Auditors and To Practitioners

Monday, April 7th, 2008

I want to continue the discussion I started yesterday.
Is there a difference between “log management” and a “log management system”?


Misquotes and Misinformation on PCI DSS Log Management

Sunday, April 6th, 2008

I always invite feedback and comments about my articles and books. I like to know what people have found useful as well as hear how I can improve upon my writing and see if there is any more information I could have added or expanded upon.
So, I was interested to see that Dr. Anton Chuvakin read one of my recent PCI DSS logging compliance papers and posted to his blog about it.
However, he made a significant misquote and provided misinformation, which provide good topics for discussion…
