David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
I spoke with Bob Russo, General Manager of the PCI Security Standards Council, about the common practice of companies turning on their server logs, just because they need to for compliance, and then never actually looking at it. It’s kind of pointless at that point. It’s like turning on a security camera but never hiring someone to look at the feed or look at the tapes.
Make sure you also read my summary of Russo’s presentation, “PCI 2.0? What’s Next for the PCI Security Standards and Council?”
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.