Security Blog

Hack your logs

You might or might not know that just before the summer solstice, the mighty PCI Council released the final version of the Information Supplement from the most recent SIG (Special Interest Group) effort: Effective Daily Log Monitoring.

Log management provides protection
Logs in PCI DSS are very important. Requirement 10 is almost completely about logs. The reason is simple, maintaining proof of what is happening in your system is very important and if you manage to transfer this proof to a guarded centralized system, for even better protection of the proof, it is even better.

The information supplement gives you guidance of how to implement a proper Log process and procedure in your company.

Quoted from paragraph 1.4:

“This document seeks to address these challenges by explaining the intent behind PCI DSS Requirements for log monitoring, and providing guidance on the planning, implementation, and application of effective log-monitoring and management practices. However, the primary focus of this document is log monitoring within the context of PCI DSS, and all discussions are intended to provide those with PCI DSS compliance obligations guidance on improving compliance with PCI DSS log-monitoring requirements.”

During my PCI-DSS assessments as a QSA, I meet customers who are nervous about performing the “Daily Log Review”. Many times I find inconsistencies in the process and procedures related to Requirement 10 and its correlated part of Requirement 12, specifically 12.10 and its sub-requirements.

This information supplement is a gift from the SIG, that I proudly took part in drafting and reviewing. It might shed some light on such a mysterious and scary topic, so that no malicious individuals can hack your logs in order to erase their tracks.

No more root without logs.

I know I am a nerdy person 🙂

  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100