http://www.sans.org/rr/logging/ -----Original Message----- From: Jason Wake [mailto:jason_wakeat_private] Sent: 05 February 2003 18:28 To: loganalysisat_private Subject: [logs] Regulatory logging requirements Hi, I've been tasked with understanding the log data analysis/retention/monitoring requirements of HIPAA, GLBA, Medicare ("Core Set of Security Requirements"), SEC/NASD, etc. Unfortunately, the raw regulation texts are very vague and generally don't mention logging directly. I've spoken with various healthcare providers and financial institutions and determined that they're as "in the dark" as I am. Can anyone recommend sites/resources to educate me? I'm especially interested in understanding: - what sources of logs need to be monitored/analyzed - how long the data must be retained - what types of analysis are required Thanks! Jason _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 07:43:57 PST