Home > Information Security Magazine > Features > Log Wild
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Log Wild
by David Strom
Issue: Oct 2007
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >

Leek suggests enlisting the aid of the internal legal staff to help bring about this unification; there are numerous regulations that require logs to be kept for varying time periods, and in some cases disposed of after established deadlines for privacy reasons. For example, HIPAA mandates a seven-year retention period, while PCI requires one year. It gets more complex for global corporations, where European and Asian laws come into play. And logs need to be intact if they are going to be used as evidence in civil or criminal proceedings, placing other requirements on their use. Given the contradictory legal requirements, having lawyers as partners becomes essential.

"We need to bring together IT and legal departments to help put in place overall enterprise IT logging standards," adds Leek. "Lawyers tend to not be very technical people. If you can make it simpler for them, they will make things simpler for you. But don't let your legal department run a logging project; instead, incorporate their advice, and try to speak the same language."

A primary objective should be to prevent departments from setting up their own log management tools, creating multiple places where logs live, says Matt Stevens, CTO of the information and event management group at RSA, the security division of EMC. "You need analysis across the enterprise and to make it accessible for all users, and log management needs to be an element of the overall management infrastructure," he says.

Log management is also now part of the overall network security infrastructure. As blended threats become more frequent and more corporate applications make deeper use of the Internet for connectivity, having a unified logging repository becomes another tool in the security chest to protect the enterprise.

"It is not your father's security landscape anymore," says Robert Whiteley, an analyst with Forrester Research. "Nowadays, threat mitigation is deeply embedded into the overall network infrastructure. But how well you maintain your environment is critical, and there is a huge range in terms of how data can be exposed for analysis and manipulated."

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts