all InfoSec news
PII Included in Audit Logs
May 25, 2022, 10:26 p.m. | /u/ank5133
cybersecurity www.reddit.com
We have a client that is interested in including PII within their audit logs that get forwarded to a SIEM tool managed by an external service provider. The ESP has a FedRAMP-accredited environment and their SOC Team is authorized to view PII/PHI, so I'm too concerned from a compliance standpoint.
However, is it generally considered a bad practice to include PII or should be it masked? If masking/anonymizing is the path forward, can someone provide some justifications into why? …
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Security Engineer II, Offensive Security Penetration Testing
@ Amazon.com | US, TX, Virtual Location - Texas
Cybersecurity Specialist (Security Engineering)
@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
Information Systems Security Officer (ISSO)
@ ARA | Arlington, Virginia, United States
Lead - IT Risk compliance & Info Security
@ First Advantage | Bengaluru-560042, Karnataka
Embedded VSOC Analyst
@ Sibylline Ltd | Australia, Australia