Database Activity Monitoring

Who has unlimited access to your data? None other than the database administrators. We do trust them, don't we? Yep, what else can we do? There are two things we need to consider: (1) What if the DBA turns malicious? (2) What if the good DBAs' accounts are compromised? The…

File integrity requirement of the PCI DSS

I always wondered about the file integrity monitoring requirement of the PCI DSS standard. What is the purpose of this requirement? Is it a control or a compensating control? Isn't it something similar to the much-debated "code review or web application firewall" subject? To understand more about this control,…