RE: Review of logs/audit trail - whose responsibility?

["Matt Flynn" <mflynn () netvision com>]

I know I'm late to the discussion, but I don't think it's possible to ignore
your point that each company might implement it differently.  The fact seems
to be that each company not only implements differently, but is also
organized differently.  I speak to many organizations concerned with audit
and 'Computer Audit' is not a group that I often run into.  For many
organizations, the audit group is a non-IT group.  So, they rely on IT to
provide answers.  They would prefer not to have to call IT, but
unfortunately IT systems are complex and auditors don't always have a way to
get answers on their own.

I agree with the consensus here that there should be a separation of
responsibilities.  Someone needs to provide oversight on the IT
administrators. Whoever is responsible for the audit, whether it be a
security group, an internal audit group, or an external auditor should
confirm that appropriate permissions are applied and user and admin activity
is in line with security policies.

Matt Flynn
NetVision


----- Original Message -----
From: <sfmailsbm () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, September 22, 2009 6:00 PM
Subject: Review of logs/audit trail - whose responsibility?


> Dear all,
>
> a simple question:
>
> we all agree that there must be logs and audit trails to enable tracing
back and monitoring of suspicious activities
> Logs should be reviewed regularly to identify abnormal activities
>
> however, who should "ideally" be responsible for this regular (daily)
monitoring of logs?
> Is it IT, IT Security or Computer Audit?
>
> I know that each company might implement it differently, but from a
conceptual point of view, in terms of security, what will be the most
appropriate choice?
> thanks for your comments
>
> Regards,
> Ronish
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------