DSS/HIPAA/SOX Unalterable Audit Logs?
analogrithems writes "Recently I was asked by one of the suits in my company to come up with a method to comply with the new PCI DSS policy that requires companies to have write once, read many logs. In short the requirement is for a secure method to make sure that once a log is written it can never be deleted or changed. So far I've only been able to find commercial and hardware-based solutions. I would prefer to use an open source solution. I know this policy is already part of HIPAA and soon to be part of SOX. It seems like there ought to be a way to do this with cryptography and checksums to ensure authenticity. Has anyone seen or developed such a solution? Or how have you made compliance?"
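The "cryptography and checksums" idea in the submission can be illustrated with an HMAC hash chain; this is an added example, not code from the thread or from any product mentioned in it. It gives tamper evidence rather than physical write-once storage, all names and the sample log lines are constructed, and it assumes the key and the latest chain head are kept off the logged host.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed 32-byte start of the chain (assumption)


def _tag(key, prev, message):
    # Bind each record to its predecessor: HMAC(key, prev_tag || message).
    # prev is always 32 bytes, so the concatenation is unambiguous.
    return hmac.new(key, prev + message.encode("utf-8"), hashlib.sha256).digest()


def append(log, key, message):
    """Append a record; return the new chain head (hex) to store off-host."""
    prev = bytes.fromhex(log[-1][1]) if log else GENESIS
    tag = _tag(key, prev, message).hex()
    log.append((message, tag))
    return tag


def verify(log, key, expected_head=None):
    """Return None if the chain is intact, else the index of the first bad
    record. With expected_head set, a cut-off tail is reported as len(log)."""
    prev = GENESIS
    for i, (message, tag) in enumerate(log):
        good = _tag(key, prev, message)
        if not hmac.compare_digest(good, bytes.fromhex(tag)):
            return i  # edited, reordered, or a predecessor was removed
        prev = good
    if expected_head is not None and prev.hex() != expected_head:
        return len(log)  # chain is valid but ends before the recorded head
    return None


# Constructed sample audit lines, not taken from any real system.
SAMPLE = [
    "2008-01-01T10:00:00Z login user=alice result=ok",
    "2008-01-01T10:05:00Z read table=cardholders user=alice",
    "2008-01-01T10:09:00Z logout user=alice",
]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # a real key lives on the collector only
    log, head = [], None
    for line in SAMPLE:
        head = append(log, key, line)
    print("intact:", verify(log, key, head))
    log[1] = ("2008-01-01T10:05:00Z read table=public user=alice", log[1][1])
    print("first bad record:", verify(log, key, head))
```

Without the off-host head, removing records from the end of the log goes unnoticed, which is why `verify` takes `expected_head`.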
USB Card punch (Score:2, Funny)
Hard to change punched cards. Just don't trip with your box of cards.
Tattoos (Score:2, Funny)
On top of the obvious benefits, it provides a good deal of job security: if they get fired, they take away some important data. Your employees will be thrilled with their newfound sense of security.
Re:Sometimes, the old ideas are the best (Score:1, Funny)
Write-Only Memory (Score:5, Funny)
Re:Go with commercial hardware solution (Score:5, Funny)
Re:Write them to a DVD jukebox (Score:4, Funny)
How come nobody mentioned this ? (Score:1, Funny)
Re:Question... What's to stop (Score:3, Funny)
So you find it easier to kill people than to run computer programs... Remind me not to get on your shit list. :p
Re:USB Card punch (Score:1, Funny)
Re:Syslog (Score:4, Funny)
Re:Write them to a DVD jukebox (Score:1, Funny)
Re:use a line printer (Score:2, Funny)