Resources for Federal Financial Institutions Examination Council (FFIEC)

Log management in the age of compliance

www.techworld.com

With each high-profile data breach (such as those at TK Maxx and the US Department of Agriculture) or new regulation, security emphasis seems to shift away from the traditional "keep bad guys out" mentality and toward a layered, in-depth, "What's going on in here?" look at IT activity. Organisations are turning to logs to provide a continuous trail of everything that happens with their IT systems and, more importantly, with their data. Logs of different types are generated from different sources at an astounding rate, allowing for a detailed -- if sometimes cloudy -- picture of IT activity. If a disgruntled employee with an intent to steal data accesses a database containing confidential information, there would likely be a log of that activity that someone could review to determine the who, what and when. Logs provide the bread crumbs that organisations can use to follow the paths of all of their users, bad-intentioned or not.

View the Resource

Share or bookmarklet this web page at: