Who has access to system log?
Every company that must comply with Sarbanes-Oxley needs to carefully design controls for system log management. From COBIT for SOX, published by ISACA, we know that the following control statement applies to this case:

“System event data are sufficiently retained to provide chronological information and logs to enable the review, examination and reconstruction of system and data processing”

However, the next question that arises is: how much is sufficient?

Access to the system log should be limited to read-only, and only for the system administrator. Other users do not need read access, and of course not write access. Default users that ship with some applications and have access to the system log should be removed. For example, Oracle Database or Sun Solaris default users who have read/write access to the system log should be removed. Basically, removing all default user accounts is the easier approach in this case.

Access to the system log should be very restricted. Some companies use write-once disks to maintain the integrity of the system log. This is considered very important, because if someone could change the system log, then we cannot rely on it as evidence.

Compensating control

In some cases, removing access to the system log is too difficult. Or the system administrator account may be shared, because the company is very large and needs more than one system administrator. The next step is then to implement compensating controls, which in this case are Log Activation Review, Log Review, and Administrator Account Log Review. These compensating controls are also useful when facing performance-related issues from enabling the system log.

So do you have any other experience regarding system log management? In the future, application developers will provide better features for system log management, so I hope there will be no need to worry about this.
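
One way to check the access rule described above (read-only, and only for the system administrator) on a Unix-like host, as an added example that is not part of the original post. The function name, the sample file names and the choice to treat group and other as non-administrators are assumptions; the parent-directory check goes beyond what the post states, because a writable directory lets a user delete or replace a log.

```python
import os
import stat
import tempfile

def audit_log_access(paths, admin_uids=frozenset({0})):
    """Return (path, problem) pairs for log files that break the rule
    'read-only, and only for the system administrator'."""
    findings = []
    for path in paths:
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in admin_uids:
            findings.append((path, f"owner uid {st.st_uid} is not an administrator"))
        # Assumption: group and other are treated as non-administrators.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((path, f"readable by group/other (mode {mode:04o})"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, f"writable by group/other (mode {mode:04o})"))
        # A writable parent directory lets a user delete or replace the log
        # even when the file itself is locked down (the sticky bit prevents it).
        parent = os.path.dirname(os.path.abspath(path))
        pmode = stat.S_IMODE(os.stat(parent).st_mode)
        if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
            findings.append((path, f"directory writable by group/other (mode {pmode:04o})"))
    return findings

if __name__ == "__main__":
    # Constructed sample: three log files in a private temporary directory.
    with tempfile.TemporaryDirectory() as d:
        samples = {"system.log": 0o400, "app.log": 0o644, "db_alert.log": 0o666}
        for name, mode in samples.items():
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        paths = [os.path.join(d, n) for n in samples]
        # The current user stands in for the administrator in this sample.
        for path, problem in audit_log_access(paths, admin_uids={os.getuid()}):
            print(f"{os.path.basename(path)}: {problem}")
```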