LogBlog


Logging The Threat From Within

Last week, Information Week reported that a former Social Security Administration employee illegally disclosed personal information stolen from a government computer to aid in an identity theft scheme. This employee was paid to look up identifying information about various people using access levels that were consistent with her employment.

In this case, it is unlikely that alarm bells would have gone off when the information was initially obtained, since the employee wasn't hacking into a system -- she already had approved access to all of the information she needed. However, as the case builds against her, the logs of her system activity could become crucial pieces of evidence.

There are logs for everything the SSA employee did on that system -- legal or illegal. It is important to remember that the benefits of being able to record, report on, and manage your log data do not stop at attack prevention. In a case like this one, where the breach cannot be prevented, information is exposed, and action must be taken retroactively, having easily accessible, immutable log data to act as a continuous fingerprint of system activity is crucial to ensuring that the attacker is held accountable for her actions.



Posted April 20, 2007 in Compliance, Log Management & Intelligence, Risk Management, Security

