1.6 MB | 3 files | DOC, PDF
Your admins need to more than just collect security logs -- they need to secure that data and continually monitor it for anomalies and risk. This document will give your team guidance on setting up proper procedures.
A log is a record of the events occurring within an organization's systems and networks. Logs are composed of log entries; each entry contains information related to a specific event that has occurred within a system or network. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, such as antivirus software, firewalls, and intrusion detection and prevention systems; operating systems on servers, workstations, and networking equipment; and applications.
The number, volume, and variety of computer security logs have increased greatly, which has created the need for computer security log management — the process for generating, transmitting, storing, analyzing, and disposing of computer security log data. Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful when performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problems. Organizations also may store and analyze certain logs to comply with Federal legislation and regulations, including the Federal Information Security Management Act of 2002 (FISMA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS).
A fundamental problem with log management that occurs in many organizations is effectively balancing a limited quantity of log management resources with a continuous supply of log data. Log generation and storage can be complicated by several factors, including a high number of log sources; inconsistent log content, formats, and timestamps among sources; and increasingly large volumes of log data. Log management also involves protecting the confidentiality, integrity, and availability of logs. Another problem with log management is ensuring that security, system, and network administrators regularly perform effective analysis of log data. This publication provides guidance for meeting these log management challenges.
Included in this ZIP file are:
Whether you're looking to hire one or looking for a position yourself, use this detailed job description to find out what the role of a Technology Project Manager entails. ... More >>
Chapter 1 delves into the first four stages of systematic strategic planning, including clarifying current conditions, identifying competitive advantages, defining opportunities and developing strategies. ... More >>
This excerpt focuses on the conceptual aspects of defect management, including the basic concepts of a defect, how to manage defects, and an analysis of the root causes of defects. ... More >>