Anton Chuvakin wrote:
>> All the current trend toward legislating compliance has
>> accomplished is setting the bar very low, and encouraging
>> companies to look only at meeting that standard. I've had
>> senior IT managers tell me "We are going to do the exact
>> minimum, wherever possible."
>
> No kidding - but, at the same time, those organizations who used to
> fly (eh, crawl) BELOW that low bar would benefit if they are kicked
> into doing at least *something*. So, I am a bit more positive about
> such compliance motivators.

I'm not. The other aspect of working towards compliance is that organisations often only focus on those things that you have to be compliant with. Given limited IT Security budgets this is sometimes at the expense of what could actually be important. It also sometimes leads to the thinking - "We're SOX/PCI/CoBIT etc etc compliant and therefore secure".

>
>> In log analysis terms, that means that the logs go to a big
>> bucket which is periodically dumped into the compost
>> heap.
>
> Indeed, this is common but compare this to a) never enabling logging
> or b) disabling logging or c) storing logs based on short default
> retention policy on each device? A huge improvement, isn't it?

And the value add is? You spend all that money on log aggregation and retention but do nothing with the logs? Where is the security and business benefit here? What exactly is the business case? "Gee it'd be nice if we had all these logs in one place" wouldn't be moving my dollars.

>
>> Nobody'll look in the bucket until someone passes
>> legislation requiring people to LOOK at it. And, of course,
>> when that happens, they'll do the exact minimum, &c...
>
> Well, this already happened: e.g. PCI. It doesn't define what
> "looking" means, but running a log analysis tool sure beats just
> running a tape drive to save the logs...

Unless 'looking' is defined, linked to business requirements and security outcomes/benefits, then what exactly are you analysing?
Again, what's the value add?

Regards

James Turnbull

--
James Turnbull <james@private>
---
Author of Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/)
Hardening Linux (http://www.amazon.com/gp/product/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
_______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Mar 22 2007 - 08:44:14 PST