- Microsoft lays out SQL Server road map
- Credit card skimming
- Nortel's stock market capitalization plummets
- Will Apple be forced to make more money?
- CAN SPAM: What went wrong?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
As an IT administrator, I'm often considering how to make the most of all security solutions that my organization needs to run smoothly, especially given the cost of compliance solutions. One item I'd like feedback on is how I can leverage the log-management product I've bought for compliance to protect the network against insider threats as well. If I have a log management solution in place, will that be sufficient to protect my sensitive data? What other best practices are there, and can you provide a few real-world examples?
Information security tools are often split into two categories - detective and preventive. The latter should help prevent attacks, as the name implies, while the former gives ways to monitor and find security events. Log management is a detective control only, so it is not sufficient on its own to protect sensitive data. You still need things like access controls and authentication to prevent unauthorized access and stop attacks. However, detective controls significantly enhance preventive controls because they warn of impending attacks (e.g., suspicious activity and surveillance) and alert you to attacks even if they are failing. Log management therefore has both direct and indirect applications that will help with compliance as well as insider attacks.
A direct method of log management usually involves collection of known logs into a centralized and secure space with long-term retention capabilities to satisfy requirements like "Secure and Central Log Collection" (PCI Requirement 10.5). Indirect methods can involve anything related to monitoring or auditing activities. This means everything from authentication and authorization to encryption to change management could benefit from log management. File Integrity Monitoring, for example (PCI Requirements 10.2.2, 10.5.5 and 11.5), depends on a log management back-end. Some may be surprised that virtually all encryption has a significant log-management component, but monitoring access and change related to keys and signatures is essential to good encryption management. Take, for example, an insider who modifies or replaces a key. Even the reverse can be important; a key that has not been rotated in a timely fashion (some rotations are meant to happen weekly) indicates a potential exposure or suspicious activity.
Rss FeedRss Feed
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
Security Considerations When Deploying Remote Access SolutionsEffective network security is most successful when you use a layered approach, with multiple...
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Turning information into a Competitive AdvantageCompanies today are realizing that competitive advantage is harder to sustain when based solely on...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...
The Evolution of Network SecurityWe have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment