I wish I had this course on Log Management for PCI DSS Compliance when I was a new PCI ISA...

Requirement 10 is one of the most notorious security requirements that induce migraine headaches as soon as you think about audit logging.

There’s nothing worse than finding out 36 servers stopped logging over 90 days ago.

True story. That happened in 2016.

The wasn’t enough chocolate chip cookies to make up for the painful conversations I had to have with everyone involved in the snafu.

It was a nightmare to fix and a humbling experience to explain to both the QSA and the acquirer what went wrong, why it went wrong, how we fixed it, and how we would ensure it would never happen again.

This all hands on deck fiasco is something we never want to see you go through. Ever.

In Log Management for PCI DSS Compliance, we’re providing an extensive overview of sub-requirements:

  • 10.2.x
  • 10.3.x
  • 10.4.x
  • 10.5.x
  • 10.7.x
  • Requirement dependencies

Nowhere else will you be taught the relationships and interconnectedness between Requirement 10 other PCI DSS requirements.

Ready to dive in?

You can take this course through our PCI DSS Training and Resource Center (you must be a subscriber) OR if a monthly subscription isn’t your cup of tea, you can take the course as an on-demand workshop.

Firewalls and Routers: How to Take Control of Unruly Firewall Rules, Configurations and Network Connections

Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or test system components, these changes can make a mess out of your rule sets. It’s so easy for someone to unintentionally request an “any” rule which is prohibited in the cardholder data environment. Our best advice is to insert your ISA or someone on the compliance team into the firewall rule change review.

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.