E-Book, Englisch, 192 Seiten
Maier Audit and Trace Log Management
Erscheinungsjahr 2004
ISBN: 978-0-203-49176-8
Verlag: Taylor & Francis
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
Consolidation and Analysis
E-Book, Englisch, 192 Seiten
ISBN: 978-0-203-49176-8
Verlag: Taylor & Francis
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
As regulation and legislation evolve, the critical need for cost-effective and efficient IT audit and monitoring solutions will continue to grow. Audit and Trace Log Management: Consolidation and Analysis offers a comprehensive introduction and explanation of requirements and problem definition, and also delivers a multidimensional solution set with broad applicability across a wide range of organizations. Itprovidesa wealth of information in the form of processwalkthroughs. These include problem determination, requirements gathering,scope definition, risk assessment, compliance objectives, systemdesign and architecture, implementation and operational challenges, productand solution evaluation, communication plans, project managementchallenges, and determining Return on Investment (ROI). By using templates, tools, and samples that enhance your understanding of processes and solution sets, the author successfully emphasizes the core themes of the book. He also includes many diagrams throughout his discussion that aid in a clear communication of process and solution recommendations. This volume enables you to gain the knowledge, perspective, and insight needed to independently implement a successful audit and monitoring management system tailored to the unique requirements of your organization.
Zielgruppe
Information security managers, IT auditors, network and system administrators
Autoren/Hrsg.
Weitere Infos & Material
Introduction to Audit Logging
The “Why” of Consolidated Audit Logging
Taking Stock, What Is in Place Today
What Forms or Levels of Logging Do You Currently Perform on This Device?
What Is the Volume, Amount of Data Collected in One 24-Hour Period?
What Is Your Retention Period; That Is, How Long Do You
Keep Retrievable Logs?
What Are the Formats for This Retention? 30 Days Online,
30 Days Tape, 3 Months CD?
What Is the “Write per Second” Timeframe? How Many Records
per Second Are Generated and Logged?
Where Are the Logs Stored Today (Locally on the Box, Locally
on a Nearby Server, or Remotely)?
If Stored Externally, How Are They Transported to the External
Store (Syslog, FTP, Other)?
Is There a Separate Physical Interface over Which the Logs Are
Distributed Out of the Box?
What Are the Access Control Mechanisms over Access to the
Stored Logs?
Who Reviews the Logs? At What Frequency?
What Is the Data Classification of This Log Data (Company
Secret, Confidential, Internal Use)?
Is There a Log Reporting System? How Are the Logs Accessed and
Viewed? How Many People in the Organization Are Required to
Have Access to These Logs?
What Is the Nature of the Reviews: Are Keywords Searched,
Summaries, or Just High-Level Eyeing of the Log Data?
Are There Additional Log Review, Storage, or Analysis
Capabilities That You Would Like to Have over This Log Data?
If So, What Are They?
The Completed Survey
Deciding What to Capture and How to Do It
Requirements Gathering for Whole Log Capture
The Normalization Process
Setting Up Correlation Rules, Putting Your Assembled
Infrastructure to Work
Security Event Management, Generating Reports from Your System
Security Event and Incident Management and Reporting
Security Alert Management (SAM)
Setting Security Alert Levels and Escalation Processes
Security Operations Center (SOC) Reporting
The Escalation Process
Level 1 Alerts
Management Reporting
Pulling It All Together and Making Your Case
Justifying Your System for Forensic Analysis
Gaining Buy-In for Your System
Future Implementation Strategies and Value-Added Components
