Nine questions for your system log management vendor
- Can your tool collect and aggregate 100 percent of all log data from all in-scope log sources on the network?
- Are your logs transported and stored securely to satisfy the CIA (Confidentiality, Integrity, Availability) of log data?
- Are there packaged reports that suit the needs of your Sarbanes-Oxley project's stakeholders, such as IT, auditors, and maybe even Finance or Human Resources? Can you quickly create the additional reports needed to organize the collected log data?
- Can you set alerts on anything in the logs in order to satisfy the monitoring requirements?
- Does the tool make it easy to look at log data on a daily basis? Can the tool help you prove that you do so, by maintaining an audit trail of log review activities? (Indeed, it is common for auditors to ask for a log that shows that you review other logs, rather than for the original logs from the information systems! Yes, log analyst activities need to be logged as well. If this is news to you, then welcome to the world of compliance!)
- Can you perform fast, targeted searches for specific data when asked? Remember, Sarbanes-Oxley is not about dumping logs on tape.
- Can you contextualize log data (say for comparing application, network, and database logs related to an in-scope system) when undertaking forensics and other operational tasks?
- Can you readily prove, based on logs, that the security (such as anti-virus and intrusion prevention), change management (such as user account management), and access control policies mandated by the Sarbanes-Oxley requirements are in use and up-to-date?
- Can you securely share log data with other applications and users that are involved in various compliance initiatives? (Taken and edited from Tony Bradley's book, PCI Compliance.)
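As an added example (not from the original post or the book it cites), the following Python sketch shows one way a tool could keep the tamper-evident audit trail of review activities that the questions on log integrity and on daily review ask for: each record of who reviewed which log source is chained to the previous record by SHA-256, so an edited or deleted entry is detected on verification. The analyst names, log sources and timestamps are constructed sample data.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

# Each entry records one analyst review action plus the hash of the entry
# before it; altering or deleting any earlier entry breaks the chain.
GENESIS = "0" * 64

def _entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON so the same record always hashes the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_review(trail: list, analyst: str, source: str, action: str,
                  timestamp: Optional[str] = None) -> dict:
    """Append a review-activity record: who reviewed which log source, and what they did."""
    prev = trail[-1]["hash"] if trail else GENESIS
    record = {
        "ts": timestamp or datetime.now(timezone.utc).isoformat(),
        "analyst": analyst,
        "log_source": source,
        "action": action,
    }
    entry = {"record": record, "prev": prev, "hash": _entry_hash(prev, record)}
    trail.append(entry)
    return entry

def verify_trail(trail: list) -> tuple:
    """Recompute the whole chain; return (ok, index of first bad entry or -1)."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev"] != prev or entry["hash"] != _entry_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return True, -1

def build_sample_trail() -> list:
    """Constructed sample: two days of reviews by hypothetical analysts."""
    trail = []
    append_review(trail, "jdoe", "fw-edge-01/syslog", "reviewed daily report", "2024-01-02T09:00:00+00:00")
    append_review(trail, "jdoe", "erp-db-01/audit", "searched for failed logins", "2024-01-02T09:20:00+00:00")
    append_review(trail, "asmith", "ad-dc-01/security", "reviewed account changes", "2024-01-03T09:05:00+00:00")
    return trail

if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", verify_trail(trail))
    trail[1]["record"]["action"] = "no review performed"  # simulate after-the-fact editing
    print("after edit:", verify_trail(trail))
```

In a real deployment the chain head would additionally be signed or written to append-only storage, since the chain alone only proves consistency, not who computed it.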