« September 2006 | Main | November 2006 »
U.S. Treasury Secretary Henry Paulson said he is considering recommending changes to the 2002 Sarbanes-Oxley corporate governance law as its restrictions have overwhelmed some American companies.
While the "net result" of stricter reporting standards for executives has been positive, Sarbanes-Oxley has also contributed to "an atmosphere that has made it more burdensome for companies to operate," Paulson said in an interview today from Washington.
"We're going to need to look at how we can address some of these issues," Paulson said. "This is something we're giving a lot of thought to."
Posted October 26, 2006 in LogMatters
:: The Compliance Game: "CIOs are still struggling to comply with HIPAA's 10-year-old medical privacy regulations. And the smaller the healthcare organization, the harder the task. Fewer hospitals and healthcare facilities are fully complying with the law this year than in 2005, according to a recent survey by the American Health Information Management Association (AHIMA), a professional organization for health information executives. And more than one-quarter of U.S. security executives whose organizations need to be HIPAA-compliant admit that they are not, according to "The Global State of Information Security 2006," a study released last month by CIO and PricewaterhouseCoopers." More in this report on the state of HIPAA compliance.
:: The Skinny On ITIL: "CIO (a sister publication to CSO) reports that ITIL is gaining steam in the United States and that ITIL "helps IT departments improve their quality of service, including increased system uptime, faster problem resolution and better security." Partly fueled by a tougher regulatory framework—including Sarbanes-Oxley and the Federal Information Security Management Act of 2002—IT vendors and service providers report they are now fielding more requests for information about their ITIL capability."
Posted October 25, 2006 in LogMatters
FBI tells ISPs to keep logs
CNET pointed out earlier this week that Robert Mueller, director of the FBI, has asked Internet service providers to record their customers' online activities in order to track down activities related to terrorism or sexual predators.
"All too often, we find that before we can catch these offenders, Internet service providers have unwittingly deleted the very records that would help us identify these offenders and protect future victims," said FBI director Robert Mueller.
CNET reports that as of right now, ISPs typically throw away log files that aren't relevant for business reasons such as network monitoring, fraud prevention or billing disputes, but that may all change. According to the article, the FBI and Justice Department are also thinking of forcing search engines to keep logs.
It will be interesting to see how this pans out. LMI is already being touted for network forensics, and it could easily make searching for evidence in these other scenarios effortless.
LMI should also allow for better management of the log files themselves, for instance by providing a better chain of custody over the secure log data and thereby better assurance in relation to privacy and disclosure of log records. In effect, business and IT policies related to log data could be easily enforced by the LMI solution selected.
Posted October 18, 2006 in Log Management & Intelligence
NIST has published the final version of the "Guide to Computer Security Log Management." LogLogic's security veteran Anton Chuvakin participated in the review process. One thing Anton hoped the guide would do was break down the wall between security uses of logs and other IT uses, such as troubleshooting and other management issues related to IT and logs.
Customers are increasingly coming to LogLogic for log management needs far beyond security. Our customers see LMI as a complement to good security. Recently the SANS Institute featured one of our customers in a WhatWorks webinar. He said...
"Initially we thought that log management was going to be part of security monitoring. But then as we started looking at different pieces of the framework, whether it related to security monitoring, maybe our mitigation process, or vulnerability management process, we found that we had all this log information that resides in individual services or platforms around the world, supported by different operations teams.
And to be able to access that data quickly and efficiently, and have it centrally available was key for us to successfully meet our goals for deploying this framework."
The complete archive of the webcast is here.
Posted October 17, 2006 in Log Management & Intelligence, LogMatters
If you are looking for an independent view of LogLogic appliances, take a look at Techworld.
"LogLogic’s products are a bit of an eye-opener, because they make you realise just how relevant your log files are even to non-techies, not least in relation to compliance with modern-day information storage requirements such as Sarbanes Oxley or Basel II. The architecture is cleverly designed, you can deploy LX and ST units in whatever combinations fit your purposes, and they’re easy to use, manage and integrate into your organisation’s network."
"...you will at least see a huge reduction in the time and effort (and thus cost) of analysing your systems and/or dredging up historical log data."
Posted October 16, 2006 in LogMatters
At the SANS Network Show in Las Vegas last Wednesday, LogLogic's Anton Chuvakin presented a "standing room only" lunch session on "Selecting a Log Management Approach." We were asked to post the slides, in which Anton takes a look at the key choices in log management and intelligence, along with best practices, drawing on LogLogic's customer experiences.
Anton tackles the key questions over whether to build with open source tools or buy a solution, giving you the questions you should ask your vendor and what to do about ROI and compliance. He explores the choices, risks, and advantages of all options, as well as strategies you can use today to harness your logjam.
The slides are available as a PDF download.
Posted October 10, 2006 in Compliance, Innovation, Log Management & Intelligence
Looks like European merchants are recognizing PCI DSS. A report from the UK-based Logic Group says 85% of respondents are aware of the PCI DSS standard, a significant improvement on the group's last survey, in which just 45% knew about PCI. With compliance due in June 2007, 60% of companies surveyed are currently at the PCI assessment phase, says the group.
Just last month, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced the formation of an independent council designed to manage the ongoing evolution of PCI DSS.
Posted October 05, 2006 in Compliance