I wish I had this course on Log Management for PCI DSS Compliance when I was a new PCI ISA...

Requirement 10 is one of the most notorious security requirements that induce migraine headaches as soon as you think about audit logging.

There’s nothing worse than finding out 36 servers stopped logging over 90 days ago.

True story. That happened in 2016.

The wasn’t enough chocolate chip cookies to make up for the painful conversations I had to have with everyone involved in the snafu.

It was a nightmare to fix and a humbling experience to explain to both the QSA and the acquirer what went wrong, why it went wrong, how we fixed it, and how we would ensure it would never happen again.

This all hands on deck fiasco is something we never want to see you go through. Ever.

In Log Management for PCI DSS Compliance, we’re providing an extensive overview of sub-requirements:

  • 10.2.x
  • 10.3.x
  • 10.4.x
  • 10.5.x
  • 10.7.x
  • Requirement dependencies

Nowhere else will you be taught the relationships and interconnectedness between Requirement 10 other PCI DSS requirements.

Ready to dive in?

You can take this course through our PCI DSS Training and PCI Compliance Toolkit (you must be a subscriber) OR if a monthly subscription isn’t your cup of tea, you can take the course as an on-demand workshop.

Click here to Subscribe to the PCI Compliance Toolkit
Click here for the single on-demand workshop

Discover more from Payment Card Assesments

Subscribe to get the latest posts sent to your email.

Tags: , , ,

Blog Posts

20 Mar 2023
PCI Report on Compliance

10 Essential Tasks To Do BEFORE You Start Your 2023 PCI Report On Compliance

Don’t Start Your 2023 PCI Report on Compliance Without Doing These 10 Essential Tasks FIRST:

The end of the first quarter is quickly approaching. It’s time to get your PCI Compliance house in order.

Because nobody wants to be the next Landry’s and have a $20M fine upheld by federal court.

1. You have a copy of the signed Statement of Work with your QSA

Make sure you have this statement of work at your fingertips throughout your assessment period. This agreement protects you and your QSA for work that is contractually agreed upon.

2. Complete an end-to-end PCI Scope Assessment

The success of your PCI Report on Compliance hinges upon an accurate PCI Scope Assessment.

Your scope assessment includes the who, what, where, when, why, and how of your cardholder data environment and anything or anybody that connects to your cardholder data environment.

20 Feb 2023
PCI DSS, PCI Report on Compliance

4 Smart Ways To Stop Overcomplicating PCI Compliance

You can do PCI Compliance the Smart Way or the Hard Way. Which way do you choose?

You know that saying, “objects appear bigger in the rearview mirror,” right?

When it comes to PCI Compliance, satisfying the requirements often looks bigger the more you stare at them. And when you look at the requirements in isolation, they often look next to impossible to implement. Your brain (and my brain) want to over complicate what needs to be in place to secure the cardholder data environment.

Maybe you jump immediately to implementing the newest shiny security tool without thinking of how it will impact other in scope systems.

Maybe you leap to more complexity by adding layers of security controls and processes when one solid, repeatable process will do.

Or maybe you bury your head in the sand and sing lalalalalalalalalalala….(honestly, there were days I wish I could’ve done that!)

PCI Compliance doesn’t have to be complicated.

Here’s 4 smart ways to stop overcomplicating your PCI Compliance program:

Leave a Reply

Discover more from Payment Card Assesments

Subscribe now to keep reading and get access to the full archive.

Continue reading