CISCO CERT ZONE 
Networkers Hats, Cisco Certified Architect, and other Random Networkers thoughts
by Wendell Odom
Was it really 10,000 attendees? And does it matter?
Many IT departments are investing significant time and money in log management or security incident and event management tools. It might be to meet a regulation or mandate -- Payment Card Industry standards, for instance -- or to better understand what is happening in the computing environment. Such tools enable administrators to take many disparate bits of event information, correlate them and present them in a way that makes anomalies easy to spot.
What happens when the person monitoring the log management or SIEM dashboard sees something a little out of the ordinary? He drills down for details, of course. But what happens (or should happen) when those details begin to suggest something ominous, such as a data breach or corporate fraud? At this point, a lot of care needs to be taken in how the log data is handled and who must be notified of the situation. How the data is handled could impact whether or not it can later be used as evidence in a criminal or civil charge. Who is notified of the suspected breach and how they contribute to the investigation is another delicate matter.
A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation (see "Using computer log data to support a forensic investigation"). In this article, we'll discuss the notification chain and how other experts support the investigation and its fallout.
The notification chain when a breach is suspected
A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation. Now that you've got the ...

Early this morning Microsoft released Windows 7 RC for download for those with TechNet and MSDN accounts. ...

A few days back I posted an article about a Cisco Learning Partner that released the CCNP Wireless Courses to...

Good thing or bad thing?