The Bob Loblaw Log Blog

Requirement 10

Logs play an important role in the security of your environment. They are a record of what happened and a way to recreate the events that led to a security incident. That’s if you capture all of them, if you protect their integrity, and if you are looking for the right things. These common pitfalls affect the ability to monitor your environment and meet PCI requirements.

Capturing all the Logs (10.2.1)

Many times during the annual...

Starbucks & PCI

Alternative Payments

Chapter 19 of our book goes through a number of fun topics, including alternative payment schemes, emerging technologies, and a prediction or two on where we see things going and how you can prepare for these changes. There are a couple that we wanted to expand on here in a blog, especially with respect to your obligations with PCI DSS compliance.

In 2013, Branden authored a blog post that got a ton of attention....

Truncation is a Friend

Truncation

We felt like the echoes just kept getting louder in the book. You don’t have to secure what you don’t store, which means your scope is reduced with a solid truncation strategy. In fact, truncation is the next best thing to secure destruction when it comes to scope reduction and PCI DSS.

When Branden worked for a large bank, this was the strategy he chose to employ in the areas subject to PCI DSS. In...