Re: Review of logs/audit trail - whose responsibility?

[Dan Anderson <dan-anderson () cox net>]

Hi,

On Tue, Sep 29, 2009 at 2:06 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:
> My 0.02. Im an IT Advisor and this issue is raised often by clients.
> In my humble opinion,Computer audit should review the logs and should
> have the necessary skill to do it. It cant be IT because IT generate
> ssome of the audited events and proper segregation of duties implies
> that you can not MONITOR your own activity.

I tend to agree with Ron.

It's a separation of duties thing.

IT can't review them because they are the ones that are running the
systems that generate those logs.

Audit shouldn't review them because audit is there to ensure that the
logs are being monitored - if you have audit review the logs who
provides the oversite?  You can't audit yourself.

So, you're left with IT generating the logs, security reviewing the
logs and audit providing oversite.

Dan

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------