Proper audit and logging requirements are defined by the data itself, but I would focus less on the audit requirements and more on the investigative requirements. If the data is compromised, the next step will be to analyze the situation forensically, draw some conclusions and hopefully prosecute the perpetrators.
If the data coming out of syslog is sufficient to investigate an incident -- and it's stored in a way that will stand up in court -- then I have a hard time believing it wouldn't satisfy an auditor.
- Prepare for a network security audit with these helpful tips.
- Learn how to use ISO 17799 and SAS 70 to achieve compliance best practices.
Dig Deeper on IT security audits and audit frameworks
Related Q&A from Mike Rothman
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading