Security Basics mailing list archives
RE: Review of logs/audit trail - whose responsibility?
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Wed, 23 Sep 2009 11:39:07 -0400
Hi
From my point of view, IT should be the one reviewing the logs. These logs
contain technical information and IT is the only one aware of what is going on and what should NOT happen. However, I would stress out that log review should be (best case) reviewed daily and a report should be sent to management to confirm that the review was done and if it was satisfying or not. (dashboard type). IT security has a lot of other things to do than review logs files, same for people doing computer audits and so on. Philippe Rivest - CEH, Network+, Server+, A+ TransForce Inc. Internal auditor - Information security Verificateur interne - Securite de l'information 8585 Trans-Canada Highway, Suite 300 Saint-Laurent (Quebec) H4S 1Z6 Tel.: 514-331-4417 Fax: 514-856-7541 http://www.transforce.ca/ -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de sfmailsbm () gmail com Envoyé : 22 septembre 2009 06:00 À : security-basics () securityfocus com Objet : Review of logs/audit trail - whose responsibility? Dear all, a simple question: we all agree that there must be logs and audit trails to enable tracing back and monitoring of suspicious activities Logs should be reviewed regularly to identify abnormal activities however, who should "ideally" be responsible for this regular (daily) monitoring of logs? Is it IT, IT Security or Computer Audit? I know that each company might implement it differently, but from a conceptual point of view, in terms of security, what will be the most appropriate choice? thanks for your comments Regards, Ronish ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- Review of logs/audit trail - whose responsibility? sfmailsbm (Sep 23)
- RE: Review of logs/audit trail - whose responsibility? Rivest, Philippe (Sep 28)
- Re: Review of logs/audit trail - whose responsibility? Quentin Chung@Programmer (Sep 28)
- Re: Review of logs/audit trail - whose responsibility? Gleb Paharenko (Sep 28)
- Re: Review of logs/audit trail - whose responsibility? M.D.Mufambisi (Sep 29)
- Re: Review of logs/audit trail - whose responsibility? Dan Anderson (Sep 30)
- Re: Review of logs/audit trail - whose responsibility? M.D.Mufambisi (Sep 29)
- <Possible follow-ups>
- Re: Review of logs/audit trail - whose responsibility? craig . wilson (Sep 28)
- Re: Review of logs/audit trail - whose responsibility? ron (Sep 28)
- Re: Review of logs/audit trail - whose responsibility? krymson (Sep 30)