Increasingly, however, IT administrators are under pressure to get a handle on their logging practices and manage log data. Regulations such as SOX and HIPAA require some type of audit trail, making log management critical for demonstrating compliance, while the Payment Card Industry (PCI) Data Security Standard specifically calls out the need for log review. Also, the latest changes to the Federal Rules of Civil Procedure (FRCP) require better log collection for legal evidence.
"We have seen a shift in the market toward regulatory and government-based standards to drive purchases of log management systems," says Chris Pick, vice president of products and marketing for NetIQ.
Part of the challenge is the need to look at logging from an enterprise perspective, and move toward having a common and centralized repository for all logging data.
The ultimate goal is to have this single repository used for a variety of purposes, from satisfying auditors and responding to
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
e-discovery requests (see "How to Deal with New E-Discovery Rules") in the event of a lawsuit, to managing real-time security threat analysis and network and applications troubleshooting.
"Logging standards and practices typically do not exist across an organization, and they are difficult to enforce even if they do exist," says Jay Leek, manager of corporate IT security services at Nokia.
This was first published in October 2007