[logs] Regulatory logging requirements

• Previous message: Balazs Scheidler: "Re: [logs] How are people bringing DMZ syslog msgs into the central server?"
• Next in thread: Bennett Todd: "Re: [logs] Regulatory logging requirements"
• Reply: Bennett Todd: "Re: [logs] Regulatory logging requirements"
• Reply: Darin.MARAISat_private: "RE: [logs] Regulatory logging requirements"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I've been tasked with understanding the log data 
analysis/retention/monitoring requirements of HIPAA, GLBA, Medicare ("Core 
Set of Security Requirements"), SEC/NASD, etc. Unfortunately, the raw 
regulation texts are very vague and generally don't mention logging 
directly. I've spoken with various healthcare providers and financial 
institutions and determined that they're as "in the dark" as I am.

Can anyone recommend sites/resources to educate me? I'm especially 
interested in understanding:

- what sources of logs need to be monitored/analyzed
- how long the data must be retained
- what types of analysis are required

Thanks!

Jason





_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Mikael Olsson: "Re: [logs] How are people bringing DMZ syslog msgs into the central server?"
• Previous message: Balazs Scheidler: "Re: [logs] How are people bringing DMZ syslog msgs into the central server?"
• Next in thread: Bennett Todd: "Re: [logs] Regulatory logging requirements"
• Reply: Bennett Todd: "Re: [logs] Regulatory logging requirements"
• Reply: Darin.MARAISat_private: "RE: [logs] Regulatory logging requirements"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 13:20:08 PST