dcsimg

Find an IT Download

Guide to Computer Security Log Management

Your admins need to more than just collect security logs -- they need to secure that data and continually monitor it for anomalies and risk. This document will give your team guidance on setting up proper procedures.


1.6 MB | 3 files | null DOC,null PDF

A log is a record of the events occurring within an organization's systems and networks. Logs are composed of log entries; each entry contains information related to a specific event that has occurred within a system or network. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, such as antivirus software, firewalls, and intrusion detection and prevention systems; operating systems on servers, workstations, and networking equipment; and applications.

The number, volume, and variety of computer security logs have increased greatly, which has created the need for computer security log management — the process for generating, transmitting, storing, analyzing, and disposing of computer security log data. Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful when performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problems. Organizations also may store and analyze certain logs to comply with Federal legislation and regulations, including the Federal Information Security Management Act of 2002 (FISMA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS).

A fundamental problem with log management that occurs in many organizations is effectively balancing a limited quantity of log management resources with a continuous supply of log data. Log generation and storage can be complicated by several factors, including a high number of log sources; inconsistent log content, formats, and timestamps among sources; and increasingly large volumes of log data. Log management also involves protecting the confidentiality, integrity, and availability of logs. Another problem with log management is ensuring that security, system, and network administrators regularly perform effective analysis of log data. This publication provides guidance for meeting these log management challenges.

Included in this ZIP file are:

  • Cover sheet and terms.pdf
  • Guide to Computer Security Log Management.pdf
  • Intro page.pdf

Related IT DOWNLOADS

Recent IT Downloads
Building a GRC Program: Assessing Stakeholder Needs and Readiness

This table outlines the top needs of each stakeholder group that can help guide your conversat...Read More

Recent IT Downloads
Job Description: Technology Project Manager

Whether you're looking to hire one or looking for a position yourself, use this detailed job d...Read More

Recent IT Downloads
Case Studies in Strategic Planning

Chapter 1 delves into the first four stages of systematic strategic planning, including clarif...Read More

Recent IT Downloads
Software Quality Assurance: Integrating Testing, Security, and Audit

This excerpt focuses on the conceptual aspects of defect management, including the basic conce...Read More