Policy, Standards, Regulations & Compliance
Re: Compliance Product Recomendation Jul 27 2007 05:46PM
doug simpson bz (1 replies)
RE: Compliance Product Recommendation Jul 28 2007 02:10PM
Mark Curphey (mark curphey com) (1 replies)
RE: Compliance Product Recommendation Jul 28 2007 02:31PM
ljknews (ljknews mac com) (1 replies)
At 4:10 PM +0200 7/28/07, Mark Curphey wrote:

> Take # 1 FW's as an example. Best practice (over hyped term) would suggest
> someone reviews the logs and approves rule changes for a limited period of
> time. The solutions I have seen don't touch on this.

The "reviews logs" part is easily susceptible to automation, putting an
Audit Access Control Entry into the Access Control List for the log. One
certainly must interview humans to see what actions they are taking based
on log reviews, but the automated tool gives the assurance that a human
(for NIST SP 800-53 AU-6) or an automaton (for NIST SP 800-53 AU-6 (1))
really is reading those logs every hour/day/week/fortnight.

There seem to be tons of "log management" tools in the field. Are you
saying that none of them even check on review of logs themselves ?
--
Larry Kilgallen

[ reply ]
RE: Compliance Product Recommendation Jul 28 2007 02:42PM
Mark Curphey (mark curphey com) (1 replies)
RE: Compliance Product Recommendation Jul 28 2007 05:04PM
ljknews (ljknews mac com)


 

Privacy Statement
Copyright 2010, SecurityFocus