[logs] Regulatory logging requirements

From: Jason Wake (jason_wakeat_private)
Date: Wed Feb 05 2003 - 09:28:03 PST

  • Next message: Mikael Olsson: "Re: [logs] How are people bringing DMZ syslog msgs into the central server?"

    I've been tasked with understanding the log data 
    analysis/retention/monitoring requirements of HIPAA, GLBA, Medicare ("Core 
    Set of Security Requirements"), SEC/NASD, etc. Unfortunately, the raw 
    regulation texts are very vague and generally don't mention logging 
    directly. I've spoken with various healthcare providers and financial 
    institutions and determined that they're as "in the dark" as I am.
    Can anyone recommend sites/resources to educate me? I'm especially 
    interested in understanding:
    - what sources of logs need to be monitored/analyzed
    - how long the data must be retained
    - what types of analysis are required
    The new MSN 8: smart spam protection and 2 months FREE*  
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 13:20:08 PST