RE: [logs] Regulatory logging requirements

From: Darin.MARAISat_private
Date: Thu Feb 06 2003 - 03:45:33 PST

  • Next message: Devin Kowatch: "Re: [logs] Log Analysis for Law Enforcement"

    http://www.sans.org/rr/logging/
    
    -----Original Message-----
    From: Jason Wake [mailto:jason_wakeat_private]
    Sent: 05 February 2003 18:28
    To: loganalysisat_private
    Subject: [logs] Regulatory logging requirements
    
    
    Hi,
    
    I've been tasked with understanding the log data 
    analysis/retention/monitoring requirements of HIPAA, GLBA, Medicare ("Core 
    Set of Security Requirements"), SEC/NASD, etc. Unfortunately, the raw 
    regulation texts are very vague and generally don't mention logging 
    directly. I've spoken with various healthcare providers and financial 
    institutions and determined that they're as "in the dark" as I am.
    
    Can anyone recommend sites/resources to educate me? I'm especially 
    interested in understanding:
    
    - what sources of logs need to be monitored/analyzed
    - how long the data must be retained
    - what types of analysis are required
    
    Thanks!
    
    Jason
    
    
    
    
    
    _________________________________________________________________
    The new MSN 8: smart spam protection and 2 months FREE*  
    http://join.msn.com/?page=features/junkmail
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 07:43:57 PST