Proper audit and logging requirements are defined by the data itself, but I would focus less on the audit requirements
and more on the investigative requirements. If the data is compromised, the next step will be to analyze the situation forensically, draw some conclusions and hopefully prosecute the perpetrators.
If the data coming out of syslog is sufficient to investigate an incident -- and it's stored in a way that will stand up in court -- then I have a hard time believing it wouldn't satisfy an auditor.
- Prepare for a network security audit with these helpful tips.
- Learn how to use ISO 17799 and SAS 70 to achieve compliance best practices.
Dig deeper on IT Security Audits
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.