Reports from system logs for compliance generally have the same basic requirements regardless of the standard being measured – whether PCI, SOX or FFIEC. There are some foundational requirements for compliance reporting of logs to be considered effective:
- The date/time is synchronized throughout the environment. This is vital for correlating events between systems and with real-world events, such as security cameras, badge systems, etc.
- System, security and audit logs are sent to and stored on a system where users/administrators of monitored systems do not have access. Logs will not be an effective identifier of fraud, theft or other nefarious acts if the perpetrator of those acts has the ability to remove log evidence of his activities. Subscribing to a Log Management Service is a good way to address this concern.
- Individuals who access controlled systems should not have access to update or modify the scripts and/or software that produce the security reports.
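One way to check the first requirement from the central log store is to compare the time each host stamped on an event with the time the collector received it. This is an added example, not part of the original article; the line format, host names, sample lines and the 2-second tolerance are all assumptions made for illustration.

```python
from datetime import datetime
from statistics import median

# Constructed sample, assumed format:
# "<collector receive time> <host> <time stamped by the host> <message>"
SAMPLE = """\
2024-03-01T10:00:00.200+00:00 web01 2024-03-01T10:00:00.050+00:00 sshd: Accepted publickey for deploy
2024-03-01T10:00:05.300+00:00 web01 2024-03-01T10:00:05.100+00:00 sudo: deploy : COMMAND=/bin/systemctl
2024-03-01T10:00:07.100+00:00 db01 2024-03-01T09:58:01.900+00:00 sshd: Accepted password for admin
2024-03-01T10:00:09.400+00:00 db01 2024-03-01T09:58:04.300+00:00 sudo: admin : COMMAND=/usr/bin/psql
2024-03-01T10:00:11.000+00:00 badge01 2024-03-01T11:00:10.900+01:00 door 4 opened by card 1182
this line is malformed
"""

def host_skews(text):
    """Return {host: median seconds between host timestamp and collector receipt}."""
    deltas = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # too few fields to hold both timestamps and a host
        try:
            received = datetime.fromisoformat(parts[0])
            stamped = datetime.fromisoformat(parts[2])
        except ValueError:
            continue  # unparseable timestamp: skip rather than guess
        if received.tzinfo is None or stamped.tzinfo is None:
            continue  # without an offset the two times cannot be compared
        # Offsets are honoured, so +01:00 and +00:00 sources compare correctly.
        deltas.setdefault(parts[1], []).append((received - stamped).total_seconds())
    # The median keeps one delayed delivery from marking a host as drifting.
    return {host: median(values) for host, values in deltas.items()}

def out_of_sync(text, tolerance=2.0):
    """Hosts whose median skew exceeds the tolerance (seconds, assumed value)."""
    return sorted(h for h, s in host_skews(text).items() if abs(s) > tolerance)

if __name__ == "__main__":
    for host, skew in sorted(host_skews(SAMPLE).items()):
        flag = "OUT OF SYNC" if abs(skew) > 2.0 else "ok"
        print(f"{host:8} median skew {skew:8.3f}s  {flag}")
```

The measured skew includes transit delay to the collector, so a small positive value is normal; a large or negative value points at the host clock.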
The key elements for compliance log reports are: Read more…