[logs] Log Policy Jan 31 2008 01:26AM
Greg Vickers (g vickers qut edu au) (3 replies)
RE: [logs] Log Policy Feb 01 2008 04:58PM
Fenwick, Wynn (wynn fenwick cgi com)
I would check out the following non-exhaustive list:

My PCI pointers are in scope if you are doing credit cards and the like.
My ISO 17799 pointers are based on an older version of ISO 270001.

Necessity for Existence
Enable Audit Logging (17799 §10.10.1)

External System Inputs, Process and Dependency
Link System Component Access to an Individual User (PCI §10.1)
File Integrity Checks (PCI §11.5)

Collection Scope, Filtering and Granularity
Log Message Contents (PCI §10.3)

Supported Operational Processes
Monitoring System Use (17799 §10.10.2)
Fault Logging Activities (17799 §10.10.5)
Log Review and Scope Definition (PCI §10.6)

Administration of Collection Systems
Separation of Duties (17799 §10.1.3)
Administrator Logs and Segregation of Duties (17799 §10.10.4)

Preservation of Forensic Value
Protection of Log Information (17799 §10.10.3)
Secure Audit Trails from Alteration (PCI §10.5)
Clock Synchronization (17799 §10.10.6)
Clock Synchronization (PCI §10.3)

Retention and Storage
Collection and Retention of Logs as Evidence (17799 §10.10.4)
Retention of Logs (PCI §10.7)

Hope it helps!


Wynn Fenwick, GCIH, GCIA, ITIL
Chief Technical Architect
CGI Managed Security Solutions
Tel: (613) 740-5900 x5192

-----Original Message-----
From: loganalysis-bounces (at) loganalysis (dot) org [mailto:loganalysis-bounces (at) loganalysis (dot) org] On Behalf Of Greg Vickers
Sent: Wednesday, January 30, 2008 8:27 PM
To: loganalysis (at) loganalysis (dot) org
Subject: [logs] Log Policy


I am drafting a Log Policy for the Queensland University of Technology and was wondering if any list members have such a policy (for their organisation or employer) that they would be willing to send me, or to point me at?

If you know of a good resource, or tips on writing such a policy, please let me know :)

Greg Vickers
IT Security Engineer & Project Manager
IT Security, Network Services,
Information Technology Services
Queensland University of Technology
L12, 126 Margaret St, Brisbane
Queensland, Australia

Phone: +61 7 3138 6902
Mobile: 0410 434 734
Fax: +61 7 3138 2921
Email: g.vickers (at) qut.edu (dot) au
IT Security web site: http://www.its.qut.edu.au/itsecurity/

CRICOS No. 00213J

LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org

Copyright 2010, SecurityFocus