Skip down to page content

IT Security, Compliance and Best Practices

Disclaimer: Tripwire is not responsible for the content of the blog. The blog represents the views of the individual contributors only and not Tripwire.

«
»

RSA 2010: If you don’t look at your log data, how are you going to catch data breaches?

Posted by David Spark

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.

I spoke with Bob Russo, General Manager of the PCI Security Standards Council, about the common practice of companies turning on their server logs, just because they need to for compliance, and then never actually looking at it. It’s kind of pointless at that point. It’s like turning on a security camera but never hiring someone to look at the feed or look at the tapes.

Make sure you also read my summary of Russo’s presentation, “PCI 2.0? What’s Next for the PCI Security Standards and Council?”

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

  • Share/Bookmark

Tags: , , , , , , ,

This entry was posted on Wednesday, March 3rd, 2010 at 12:30 pm and is filed under Compliance, Log Management/SEIM, PCI, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

blog comments powered by Disqus