Chapter 17

Requirement 10

Logging and Monitoring for the PCI Standards

Audit trails are the first and usually the only way to identify security flaws and breaches. Audit trails are meant to provide useful and relevant information about the usage of a system. If this information is captured effectively, it can tell system owners and stakeholders how the system is being used, identify its users, and indicate whether there are any anomalies in the system. Additionally, audit trails are required as evidence in legal proceedings in cases of fraud where the company has to prove the wrongdoing of a person or group of individuals against the system. This chapter focuses on Requirement 10 of the PCI-DSS, which exclusively addresses issues regarding logging, ...
