Log Management and Compliance

From Socology.org - The Study of Security Operations
Revision as of 08:02, 3 November 2018 by Chrismaulding (Talk | contribs)


This section is under development

Objective

To discuss log management and compliance in relation to industry-specific regulations. Regulations discussed will include PCI DSS, SOX and HIPAA, each of which requires that certain systems log certain events, that the logs be retained for a defined period, and that they be reviewed.

Process

Below are general guidelines for collecting the logs necessary to meet your compliance needs. These are only guidelines and may need to be modified based on your business needs and the regulations that apply to you.

 1. Identify which logs are needed based on the applicable compliance regulations: which systems are in scope, which event types must be recorded, and how long they must be retained.
 2. Configure the in-scope devices to send their logs to a SIEM or other central log management server, making sure each event carries the fields the regulation expects (timestamp, user, source, event type and outcome) and that devices use a common time source so events can be correlated.
 3. Verify that logs from every required source are actually being received by the SIEM or log management server, and keep verifying: alert when a required source goes silent, because a broken forwarder is easy to miss until an audit or an investigation needs the logs.
 4. Use business cases to decide which conditions generate alerts, rather than alerting on every event a regulation requires you to record.
 5. Review the log sources after network maintenance and upgrades. A reconfigured device, a changed IP address or a firmware update frequently stops log forwarding without producing any error.
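The check behind steps 3 and 5, as an added example (not code from Socology.org or from the cited whitepaper): it maps a constructed inventory of required log sources to the regulation that requires them, parses a constructed sample of RFC 5424 syslog lines as a SIEM would receive them, and reports which required sources are reporting, which have gone silent beyond a threshold, which have never been seen, and which hosts are sending logs without being in the inventory. Host names, the compliance mapping, the log lines and the silence threshold are all assumptions made for the example.

```python
"""Verify that every log source required by a compliance mapping is actually
arriving at the SIEM, and flag sources that have gone silent or were never seen.

Added example for the process above; not code from Socology.org.  The host
names, the regulation mapping and the log lines below are constructed.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Step 1: which sources each regulation requires (constructed inventory).
REQUIRED_SOURCES = {
    "fw-edge-01": ["PCI"],    # perimeter firewall in front of the card environment
    "db-card-01": ["PCI"],    # cardholder database
    "ehr-app-01": ["HIPAA"],  # electronic health record application
    "erp-fin-01": ["SOX"],    # financial reporting system
}

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
# (structured data containing spaces is not handled; the sample uses "-").
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+)(?: (?P<msg>.*))?$"
)


def parse_syslog(line: str) -> dict | None:
    """Parse one RFC 5424 line into its header fields; None if malformed."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    except ValueError:
        return None
    if ts.tzinfo is None:            # treat naive timestamps as UTC
        ts = ts.replace(tzinfo=timezone.utc)
    pri = int(m.group("pri"))
    return {
        "timestamp": ts,
        "host": m.group("host"),
        "app": m.group("app"),
        "facility": pri >> 3,        # PRI = facility * 8 + severity
        "severity": pri & 7,
        "msg": m.group("msg") or "",
    }


def check_log_sources(lines, required, now, max_silence):
    """Return (status, unexpected): status maps each required host to 'ok',
    'silent' (last event older than max_silence) or 'missing' (never seen);
    unexpected lists hosts that sent logs but are not in the inventory."""
    last_seen = {}
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            continue                 # a malformed line is not proof of receipt
        host = ev["host"]
        if host not in last_seen or ev["timestamp"] > last_seen[host]:
            last_seen[host] = ev["timestamp"]
    status = {}
    for host in required:
        if host not in last_seen:
            status[host] = "missing"
        elif now - last_seen[host] > max_silence:
            status[host] = "silent"
        else:
            status[host] = "ok"
    unexpected = sorted(set(last_seen) - set(required))
    return status, unexpected


def compliance_gaps(status, required):
    """Map each regulation to the required sources that are not reporting."""
    gaps = {}
    for host, regs in required.items():
        if status.get(host) != "ok":
            for reg in regs:
                gaps.setdefault(reg, []).append(host)
    return gaps


# Constructed sample of what the SIEM received; one line is deliberately junk.
SAMPLE_LINES = [
    "<134>1 2018-11-03T07:58:01+00:00 fw-edge-01 kernel - - - DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.4 DPT=3389",
    "<38>1 2018-11-03T07:59:12+00:00 db-card-01 sshd 2231 - - Accepted publickey for dba from 10.0.5.17 port 52110",
    "<85>1 2018-11-02T18:20:44+00:00 ehr-app-01 sudo 9981 - - nurse1 : TTY=pts/0 ; COMMAND=/bin/cat /var/log/ehr.log",
    "this is not a syslog line and must be ignored",
    "<14>1 2018-11-03T08:00:00+00:00 jump-host-03 sshd 415 - - Accepted password for root from 192.0.2.55 port 40022",
]
NOW = datetime(2018, 11, 3, 8, 2, tzinfo=timezone.utc)   # assumed "current" time


def run_sample():
    """Run the check over the constructed sample with a four-hour threshold."""
    status, unexpected = check_log_sources(SAMPLE_LINES, REQUIRED_SOURCES, NOW, timedelta(hours=4))
    return status, unexpected, compliance_gaps(status, REQUIRED_SOURCES)


if __name__ == "__main__":
    status, unexpected, gaps = run_sample()
    for host, st in sorted(status.items()):
        print(f"{host:12} {st}")
    print("unexpected sources:", unexpected)
    print("compliance gaps:", gaps)
```

Run on the sample, the firewall and card database report normally, the EHR server is flagged silent (its last event is more than four hours old), the financial system has never been seen, and a jump host that is not in the inventory is sending logs, which is the cue to revisit step 1. Schedule the same check to run continuously, not once at onboarding, and tune the silence threshold per source: a busy firewall should never be quiet for four hours, while a quarterly batch system legitimately may be.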

Tooling

Ticketing

Reporting

Staffing

Budgeting

Communications

Documentation

Lessons Learned | Pain Points

Citations

Network Management Division of Ipswitch Inc. Event Log Management security whitepaper: https://www.ipswitch.com/Ipswitch/media/Ipswitch/Documents/Resources/Whitepapers%20and%20eBooks/ELM_Security_WP.pdf?ext=.pdf