Slashdot Mirror


DSS/HIPAA/SOX Unalterable Audit Logs?

analogrithems writes "Recently I was asked by one of the suits in my company to come up with a method to comply with the new PCI DSS policy that requires companies to have write once, read many logs. In short the requirement is for a secure method to make sure that once a log is written it can never be deleted or changed. So far I've only been able to find commercial and hardware-based solutions. I would prefer to use an open source solution. I know this policy is already part of HIPAA and soon to be part of SOX. It seems like there ought to be a way to do this with cryptography and checksums to ensure authenticity. Has anyone seen or developed such a solution? Or how have you made compliance?"
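One way to build the "cryptography and checksums" integrity check the submitter asks about, as an added example that is not part of the original post or any commenter's code: every entry is keyed-hashed together with the previous entry's hash, so an edited, deleted or reordered entry breaks the chain at that point, and a copy of the latest hash kept off the log host (the "anchor") catches truncation of the tail. The key, the entry format and the sample messages are constructed for this demo.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key; in real use it lives with the verifier, not on the log host.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # chain value before the first entry

def _link(prev_hash, record):
    """Chain value for one entry: HMAC(key, prev_hash || canonical JSON of the record)."""
    payload = prev_hash.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def append(chain, record):
    """Append a record; returns the new chain head, to be stored out-of-band as the anchor."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": record, "hash": _link(prev, record)}
    chain.append(entry)
    return entry["hash"]

def verify(chain, anchor=None):
    """Return (ok, first_bad_index). Index len(chain) means the tail was truncated."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(_link(prev, entry["record"]), entry["hash"]):
            return False, i
        prev = entry["hash"]
    if anchor is not None and not hmac.compare_digest(prev, anchor):
        return False, len(chain)
    return True, -1

def build_chain(messages):
    """Build a chain from constructed log messages; returns (chain, anchor)."""
    chain, anchor = [], GENESIS
    for msg in messages:
        anchor = append(chain, {"msg": msg})
    return chain, anchor

def tamper_demo():
    """Exercise the four cases a reviewer cares about; returns their verify() results."""
    chain, anchor = build_chain(["alice login", "alice read /finance/q3", "alice logout"])
    edited = copy.deepcopy(chain)
    edited[1]["record"]["msg"] = "alice read /public/notes"  # in-place edit of entry 1
    return {
        "intact": verify(chain, anchor),
        "edited": verify(edited, anchor),
        "deleted_middle": verify([chain[0], chain[2]], anchor),
        "truncated_with_anchor": verify(chain[:2], anchor),
        "truncated_without_anchor": verify(chain[:2]),  # passes: anchor is what catches this
    }
```

This is tamper evidence rather than write-once storage: it tells you that and where a log was altered, which is the part an auditor can check, but it does not stop someone with write access from altering it.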

5 of 381 comments

  1. Re:Go with commercial hardware solution by feepness · Score: 5, Funny

    unless you want to spend the next 6 months explaining to your auditors how your homegrown solution works and then the next 6 months building something new that your auditors do understand (or worse, like losing your job). I dunno, I can lose my job WAY faster than 6 months.
  2. Re:Write them to a DVD jukebox by //rhi · Score: 4, Funny

    I always thought that WORM stood for "Write Once, Read Maybe"
    //rhi - Enjoy the American Dream - You have to be asleep to believe it.

    --
    //rhi /.15411./
  3. Re:Question... What's to stop by More_Cowbell · Score: 3, Funny

    /kill people who saw this form (difficult) or reverse a cryptographic hash (even more difficult).

    So you find it easier to kill people than to run computer programs... Remind me not to get on your shit list. :p

    --
    Experience teaches only the teachable. -AH
  4. Re:Syslog by kars · Score: 4, Funny

    That's easy; feed the paper coming out of the printer through some sort of OCR machine.

    --
    Take life easy: one bit at a time.