Difference between revisions of "Log Management and Compliance"
From Socology.org - The Study of Security Operations
Revision as of 08:00, 3 November 2018
This section is under development
Objective
To discuss log management as it relates to industry-specific compliance regulations such as PCI DSS, SOX and HIPAA: which logs each regulation requires to be collected, retained and reviewed, and how to confirm that the organization is actually collecting them.
Process
1. Identify which logs each applicable regulation requires you to collect, retain and review (for PCI DSS this is Requirement 10), and map those requirements to the in-scope systems.
2. Configure each in-scope device (destination address, protocol and port, log level, facility) to forward its logs to the SIEM or other central log server.
3. Verify that logs from every in-scope source are actually arriving at the SIEM or log server. A device configured in step 2 but blocked by a firewall rule, pointed at the wrong destination, or set to the wrong log level sends nothing, and the gap is only discovered at audit or incident time unless someone checks.
4. Derive alerts from business use cases (the conditions the organization needs to know about, for example repeated failed logins against an in-scope system) rather than alerting on every event type.
5. Review the logs after network maintenance and upgrades. Address changes, new firewall rules, replaced hardware and software upgrades routinely stop or alter log forwarding without anyone noticing, so repeat the verification in step 3 after every change.
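The verification in steps 3 and 5 is worth automating so it runs after every change rather than once at audit time. The script below is an added example written for this page, not Socology.org's own tooling: it takes the list of in-scope sources from step 1, walks the records the log server received, and reports each required source as ok, stale (was sending, went quiet) or missing (never sent anything), plus any host that is sending but is not in scope. The host names, the scope list, the fixed "now" and the log lines are all constructed for illustration.

```python
"""Check that every in-scope log source is still reaching the SIEM.

Added example for this page (not Socology.org code). The host names, the
scope list and the log lines below are constructed for illustration.
"""
import re
from datetime import datetime, timedelta, timezone

# Assumption: the compliance scoping (step 1) produced this list of sources
# whose logs must arrive. Names are hypothetical.
REQUIRED_SOURCES = {
    "fw-edge-01": "perimeter firewall",
    "web-pay-01": "payment web server",
    "db-card-01": "cardholder database",
    "ad-dc-01": "domain controller",
    "vpn-gw-01": "remote-access VPN",
}

# Constructed syslog-style lines as received by the log server.
# ad-dc-01 stopped sending early; vpn-gw-01 never appears; lab-test-99
# is not in scope; one line is malformed.
SAMPLE_LOGS = """\
2018-11-03T06:02:33Z ad-dc-01 Security-Auditing: EventID 4624 logon success
2018-11-03T07:10:02Z fw-edge-01 kernel: ACCEPT src=10.0.1.5 dst=10.0.2.9 dpt=443
2018-11-03T07:15:44Z web-pay-01 nginx: 203.0.113.7 "POST /checkout" 200
this line is not a log record
2018-11-03T07:40:19Z db-card-01 postgres: connection authorized user=app db=cards
2018-11-03T07:51:00Z lab-test-99 sshd: Accepted publickey for dev
2018-11-03T07:58:01Z fw-edge-01 kernel: DROP src=198.51.100.3 dst=10.0.2.9 dpt=22
"""

# "Now" is fixed so the example is reproducible; a real run would use
# datetime.now(timezone.utc).
NOW = datetime(2018, 11, 3, 8, 0, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<host>\S+)\s+(?P<msg>.+)$"
)


def parse_line(line):
    """Return (timestamp, host, message) or None for a malformed line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["host"], m["msg"]


def last_seen(log_text):
    """Map each host that sent anything to the newest timestamp seen from it."""
    seen = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are ignored, not counted as proof of life
        ts, host, _ = parsed
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def check_log_flow(log_text, required, now, max_silence=timedelta(hours=1)):
    """Classify every required source as ok / stale / missing.

    missing: nothing ever arrived from the host (step 2 probably failed)
    stale:   the host was sending but has been silent longer than max_silence
    ok:      a record arrived within max_silence
    Also lists hosts that sent logs but are not in scope.
    """
    seen = last_seen(log_text)
    sources = {}
    for host in required:
        if host not in seen:
            sources[host] = ("missing", None)
        elif now - seen[host] > max_silence:
            sources[host] = ("stale", seen[host])
        else:
            sources[host] = ("ok", seen[host])
    unexpected = sorted(h for h in seen if h not in required)
    return {"sources": sources, "unexpected": unexpected}


def run_check():
    """Run the check over the constructed sample with the fixed NOW."""
    return check_log_flow(SAMPLE_LOGS, REQUIRED_SOURCES, NOW)


if __name__ == "__main__":
    result = run_check()
    for host, (status, ts) in result["sources"].items():
        when = ts.isoformat() if ts else "never"
        print(f"{status:8s} {host:12s} ({REQUIRED_SOURCES[host]}) last seen {when}")
    if result["unexpected"]:
        print("not in scope but sending:", ", ".join(result["unexpected"]))
```

On the sample above the firewall, web server and database come back ok, the domain controller is stale (last record almost two hours before NOW), the VPN gateway is missing, and lab-test-99 is flagged as out of scope. A stale or missing result is the condition step 5 is meant to catch; the max_silence window should be set per source type, since a busy firewall going quiet for an hour means something different from a domain controller doing the same.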
Tooling
Ticketing
Reporting
Staffing
Budgeting
Communications
Documentation
Lessons Learned | Pain Points
Citations
Network Management Division of Ipswitch Inc. https://www.ipswitch.com/Ipswitch/media/Ipswitch/Documents/Resources/Whitepapers%20and%20eBooks/ELM_Security_WP.pdf?ext=.pdf