> All the current trend toward legislating compliance has
> accomplished is setting the bar very low, and encouraging
> companies to look only at meeting that standard. I've had
> senior IT managers tell me "We are going to do the exact
> minimum, wherever possible."
No kidding - but, at the same time, those organizations who used to
fly (eh, crawl) BELOW that low bar would benefit if they are kicked
into doing at least *something*. So, I am a bit more positive about
such compliance motivators.
> In log analysis terms, that means that the logs to to a big
> bucket which is periodically dumped into the compost
> heap.
Indeed, this is common but compare this to a) never enabling logging
or b) disabling logging or c) storing logs based on short default
retention policy on each device? A huge improvement, isn't it?
>Nobody'll look in the bucket until someone passes
> legislation requiring people to LOOK at it. And, of course,
> when that happens, they'll do the exact minimum, &c...
Well, this already happened: e.g. PCI. It doesn't define what
"looking" means, but running a log analysis tool sure beats just
running a tape drive to save the logs...
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Mar 21 2007 - 19:06:12 PST