« What are the five top mistakes of data encryption | Main | Expensive Sox... »

Who's minding your security events?

Warning signs buried in audit logs and system security events  are often ignored or simply unnoticed by IT pros until it's too late, writes Bill Elmore at TechRepublic. Pointing out that these "alerts" could prevent or thwart attempted data breaches if actively monitored and acted upon, he chronicles the high profile breeches at UCLA and Ohio University as examples of how things can go wrong -- quick.

Compliance and mandates like HIPAA or SOX can help ensure that data is checked. Data security is at the top of the IT agenda this year. In fact, the The US Goverment Accountability Office (GAO) out data security on the 2007 "High Risk" List  for government systems.

Elmore says:

Another reason for security mishaps is the fact that IT is still just a necessary vehicle for the rest of corporate America. IT serves as the conduit for business profitability but is still viewed as a hit on the bottom line – an expensive hit at that. Additionally, as IT budgets become leaner, more work is expected of an already taxed staff. Walk around your IT department and ask each pro how much time they spend chasing down data security events and reviewing audit logs. Unless they happen to be security analysts, you'll probably get an emphatic response that they have too many other duties and projects to tend to than to spend their time poring over security event logs.

How does your organization view IT's role and how well does your company monitor who is accessing your data?

Posted February 28, 2007 in Compliance , Log Management & Intelligence , Security | Permalink

Visit loglogic.com

Subscribe to this blog’s feed

• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005
• October 2005
• September 2005

Blogroll

• CynergisTek
• Bruce Schneier
• InfoSecDaily

Compliance

• Continuity Central
• Compliance Pipeline
• SOX Compliance Journal
• Sarbanes-Oxley 101

Good Reading

• Log Management ROI
• Log Management Best Practices
• SANS Institute Log Management White Paper

LogLogic

• O’Reilly
• Anton Chuvakin
• LogLogic.Com
• Jian Zhen

LogLogic Partners

• Juniper Networks
• ONStor
• Counterpane
• Bluecoat

Sites We Watch

• The Merc
• CRN
• IT Architect
• The Reg
• Security Focus
• Slashdot
• TechWeb
• SANS
• C/Net
• CIO Insight
• InformationWeek
• Jamie Lewis - Burton Group
• eWeek
• IT Manager's Journal
• MIT Magazine
• VNU