Policy, Standards, Regulations & Compliance
Re: Compliance Product Recomendation, Jul 27 2007 05:46PM, doug simpson bz
RE: Compliance Product Recommendation, Jul 28 2007 02:10PM, Mark Curphey (mark curphey com)
appropriately? They can only check to see if an admin looked at the logs.
Surely there is a big difference? I don't want someone just looking at them,
I want them reviewing them and acting appropriately. Maybe that's the
difference between compliance and good information security!
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of ljknews
Sent: Saturday, July 28, 2007 4:32 PM
To: psrc (at) securityfocus (dot) com
Subject: RE: Compliance Product Recommendation
At 4:10 PM +0200 7/28/07, Mark Curphey wrote:
> Take # 1 FW's as an example. Best practice (over hyped term) would suggest
> someone reviews the logs and approves rule changes for a limited period of
> time. The solutions I have seen don't touch on this.
The "reviews logs" part is easily susceptible to automation, putting an
Audit Access Control Entry into the Access Control List for the log. One
certainly must interview humans to see what actions they are taking based
on log reviews, but the automated tool gives the assurance that a human
(for NIST SP 800-53 AU-6) or an automaton (for NIST SP 800-53 AU-6 (1))
really is reading those logs every hour/day/week/fortnight.
There seem to be tons of "log management" tools in the field. Are you
saying that none of them even check on review of logs themselves?
--
Larry Kilgallen
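
Added example, not part of either post: one way to automate the check described in the quoted message, reading the audit records that an audit entry on a log file produces and listing each review period in which no designated reviewer read the log. The record layout, file path and account names are constructed assumptions; a recorded read shows that the log was accessed, not what was done with it.

```python
from datetime import datetime, timedelta

# Constructed sample audit records: (timestamp, principal, object, access).
# This layout is an assumption; real audit trails differ per platform.
SAMPLE_EVENTS = [
    ("2007-07-02T09:15:00", "alice", "/var/log/fw.log", "read"),
    ("2007-07-03T02:00:00", "backup", "/var/log/fw.log", "read"),  # not a reviewer
    ("2007-07-09T10:40:00", "alice", "/var/log/fw.log", "read"),
    ("2007-07-24T16:05:00", "bob", "/var/log/fw.log", "read"),
    ("2007-07-25T11:00:00", "alice", "/var/log/other.log", "read"),  # other file
]


def review_gaps(events, log_path, reviewers, start, end, period):
    """Return the (window_start, window_end) periods within [start, end)
    in which no designated reviewer read log_path."""
    reads = sorted(
        datetime.fromisoformat(ts)
        for ts, who, obj, access in events
        if obj == log_path and access == "read" and who in reviewers
    )
    gaps = []
    window = start
    while window < end:
        window_end = min(window + period, end)
        # Reads by service accounts or of other files were filtered out above,
        # so only a reviewer's read of this log satisfies the period.
        if not any(window <= t < window_end for t in reads):
            gaps.append((window, window_end))
        window = window_end
    return gaps


def report(gaps):
    """Format gaps as lines an auditor can follow up in interviews."""
    return [f"{a:%Y-%m-%d} to {b:%Y-%m-%d}: no reviewer read recorded"
            for a, b in gaps]


if __name__ == "__main__":
    found = review_gaps(SAMPLE_EVENTS, "/var/log/fw.log", {"alice", "bob"},
                        datetime(2007, 7, 2), datetime(2007, 7, 30),
                        timedelta(days=7))
    print("\n".join(report(found)) or "every period has a recorded read")
```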