When it comes to protected information security under PCI DSS, consistent purview over log data is the guidance. But it's known that this objective is not as easy as it sounds. Organizations managing PCI data are supposed to review log data and periodically schedule an assessment to be completed by an outside party. However with today's economy, and so much being asked of IT staff, I wonder if periodic review of sensitive data risk controls to comply with PCI DSS is adequate. Continue Reading >>>
