Many IT departments are investing significant time and money on log management or security incident and event management tools. It might be to meet a regulation or mandate -- Payment Card Industry standards, for instance -- or to better understand what is happening in the computing environment. Such tools enable the administrators to take a lot of disparate bits of event information, correlate them and present them in a way in which it's easy to spot anomalies.
What happens when the person monitoring the log management or SIEM dashboard sees something a little out of the ordinary? He drills down for details, of course. But what happens (or should happen) when those details begin to suggest something ominous, such as a data breach or corporate fraud? At this point, a lot of care needs to be taken in how the log data is handled and who must be notified of the situation. How the data is handled could impact whether or not it can later be used as evidence in a criminal or civil charge. Who is notified of the suspected breach and how they contribute to the investigation is another delicate matter.
A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation (see "Using computer log
data to support a forensic investigation" here). In this article, we'll discuss the notification chain and how other experts support the investigation and its fallout.
Continued
Recent Newsletters | Archive
|
New research by recruitment firm Randstad indicates that while the economy is in a downturn more than half of employers believe there remains a skills shortage that will lead...
The demand for permanent and IT staff is still falling, according to a new report.
The unemployment rate for electrical engineers hit 8.6% in the second quarter of this year, a record-setting number and double the rate for the group in the first quarter,... ...2
You win some; you lose some. This week China decided its Web censorship filtering software was not quite ready for prime time, while U.S. courts sentenced phone hackers and...
If you think technical skill is all you need for a career in IT, think again. Expectations for IT employees are changing.
Lloyds TSB will cut 2,100 jobs, in a move set to hit IT and back office roles.
If you're seeking a recommendation from a peer in your job search or being asked to provide one, columnist Dave Willmer has some suggestions.
job description: A capacity manager makes sure a company has the right amount of IT resources to support the business--not more, not less. It's their job to determine if the... ...1
Salaries of IT managers are retreating, and most affected by the trend are managers running technology operations at mid-sized companies with less than $500 million in annual...
At barely 25 years old, the CIO profession is still young. We can't yet define a standard CIO career path, but we can identify some critical experiences. And working outside...
Looking for work in IT? You might want to extend your job search beyond Monster, CareerBuilder and HotJobs..
Start Slideshow
The notification chain when a breach is suspected
A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation. Now that you've got the ...
Starting a Discussion of the New Top Cisco Certification 7
Early this morning Microsoft released Windows 7 RC for download for those with TechNet and MSDN accounts. ...
A few days back I posted an article about a Cisco Learning Partner that released the CCNP Wireless Courses to... 2
Good thing or bad thing- 1
The Leader in Network Knowledge
