Every computer action registers a log somewhere, giving a rich source of data that can help businesses identify any trace of corruption within their networks. Log collection is also a strong component of keeping in line with legislation such as Sarbanes-Oxley, HIPAA and GLBA in the US, and the European Data Protection Directive in the EU. Mathieu Gorge looks at what logs organizations need to keep and which standards require their storage. He recommends proactive monitoring of firewall, anti-virus, VPN and IDS logs, among other security systems.

The main goal is to link a transaction back to an individual user in order to perform a forensic investigation. But it is important to be wary, as some countries do not allow companies to monitor staff usage of IT systems. See page 3 on how the European court ruled that a British college's monitoring of one employee was a breach of human rights. Therefore, linking a log with a person's actions may not stand up in court. Gorge says logs can give as good an insight into external attacks as into internally driven ones.

Logs should be analyzed for the following:

• User account activity: creation, elevation of privilege, changes, inactivity.
• Client requests and server response.
• Operational status: shutdown (planned or unplanned), system failure and automatic restart.
• Usage information and trends: basic user behaviour analysis.

It is best practice to collect, store and analyze logs with a view to being able to obtain complete, accurate and verifiable information. This will improve the organization's ability to comply with key standards and legislation as regards e-evidence.
It could save an organization from potential liability and repair costs and will give visibility over mission critical and security systems, performance and usage. The main advice is to remain proactive so as to be able to respond to a security incident and comply with legal requests should anything happen. Mathieu Gorge looks at what logs can do for your business and how governance demands them.
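As an added illustration (not part of the article, and not Gorge's own tooling), the following Python script sorts constructed syslog-style lines into the four categories listed above, traces each event back to a user account, and chains a SHA-256 digest over the batch so a reviewer can later verify that the stored lines are complete and unaltered. The log lines, host name, user name and regular expressions are all constructed for this example.

```python
import re
import hashlib
from collections import defaultdict

# Constructed sample log lines (syslog style); they are not from any real system.
SAMPLE_LOG = [
    "2024-03-01T08:02:11 host1 useradd[412]: new user: name=jdoe UID=1003",
    "2024-03-01T08:05:40 host1 sudo: jdoe : TTY=pts/0 ; USER=root ; COMMAND=/bin/bash",
    "2024-03-01T08:10:15 host1 httpd: 10.0.0.5 user=jdoe \"GET /reports/q1 HTTP/1.1\" 200",
    "2024-03-01T08:10:16 host1 httpd: 10.0.0.5 user=jdoe \"GET /admin HTTP/1.1\" 403",
    "2024-03-01T09:00:00 host1 systemd: unplanned shutdown: power failure",
    "2024-03-01T09:01:30 host1 systemd: system restarted automatically",
]

# (category, pattern, regex group holding the user name or None). The patterns
# are written for the constructed lines above; real sources need their own parsers.
RULES = [
    ("account",     re.compile(r"useradd\[\d+\]: new user: name=(\w+)"), 1),
    ("account",     re.compile(r"sudo: (\w+) : .*USER=root"), 1),  # privilege elevation
    ("request",     re.compile(r'user=(\w+) "(?:GET|POST) \S+ [^"]*" (\d{3})'), 1),
    ("operational", re.compile(r"(?:planned|unplanned) shutdown|restarted"), None),
]

def classify(line):
    """Return (category, user) for one line, or ("unclassified", None)."""
    for category, pattern, group in RULES:
        m = pattern.search(line)
        if m:
            return category, (m.group(group) if group else None)
    return "unclassified", None

def analyse(lines):
    """Group events by category, build a per-user timeline so a transaction can be
    traced to an account, and compute a hash chain over the batch for verifiability."""
    by_category = defaultdict(list)
    by_user = defaultdict(list)          # user -> [(timestamp, category), ...]
    digest = hashlib.sha256(b"")         # chain seed
    for line in lines:
        category, user = classify(line)
        by_category[category].append(line)
        if user:
            by_user[user].append((line.split(" ", 1)[0], category))
        # Each link covers the previous digest plus the current line, so removing
        # or editing any line changes the final value.
        digest = hashlib.sha256(digest.digest() + line.encode())
    return {"by_category": dict(by_category), "by_user": dict(by_user),
            "chain": digest.hexdigest()}

def verify_chain(lines, expected_chain):
    """True if recomputing the chain over `lines` reproduces the stored value."""
    return analyse(lines)["chain"] == expected_chain
```

Running `analyse(SAMPLE_LOG)` yields two account events (creation and privilege elevation), two client requests including a 403 denial, and two operational events, all tied to the user `jdoe` where a user is present.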