Re: Review of logs/audit trail - whose responsibility?

["Quentin Chung@Programmer" <quentin.chung () programmer com hk>]

my 2%
simply the person who are not the service owner(implementation nor operation) has the ability to understand the log 
contents and have appropriate follow-up actions if (s)he found suspects from it.   

Best Regards, Quentin
----- Original Message ----- 
From: <sfmailsbm () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, September 22, 2009 6:00 PM
Subject: Review of logs/audit trail - whose responsibility?


> Dear all,
>
> a simple question:
>
> we all agree that there must be logs and audit trails to enable tracing back and monitoring of suspicious activities
>
> Logs should be reviewed regularly to identify abnormal activities
>
> however, who should "ideally" be responsible for this regular (daily) monitoring of logs?
>
> Is it IT, IT Security or Computer Audit?
>
> I know that each company might implement it differently, but from a conceptual point of view, in terms of security, 
> what will be the most appropriate choice?
>
> thanks for your comments
>
> Regards,
> Ronish
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------