Posts Tagged ‘log management’

Smart Business Leaders Support Effective Log Management Practices and Necessary Resources

Thursday, April 24th, 2008

The second article in this month’s IT Compliance in Realtime Journal is, “Smart Business Leaders Support Log Management.”
I wrote this with an audience of information security and privacy personnel, along with IT managers, in mind.
Download the formatted PDF version to get the full content, not to mention a nicer-looking document.
Here is the unformatted version…

(more…)

Addressing Application Vulnerabilities With PCI DSS Log Management Compliance

Wednesday, April 16th, 2008

The third and final paper in my PCI DSS log management compliance series is now available!
I encourage you to download the much nicer-looking formatted PDF version. 🙂
However, the following is the unformatted version of “Addressing Application Vulnerabilities with PCI Log Management Compliance”…

(more…)

Striving For PCI DSS Log Management Compliance Also Helps To Identify Attacks From The Outside

Wednesday, April 9th, 2008

The second paper in my series on PCI DSS log management compliance, “Using PCI DSS Compliant Log Management To Identify Attacks From The Outside” is now available.
And, as I’ve been blogging about over the past few days, log management is about much more than systems; it is about the entire management process, and the need to have policies and procedures, and to address the ways in which personnel review the logs and know how to interpret them.

(more…)

One Word Makes A World Of Difference…To Auditors and To Practitioners

Monday, April 7th, 2008

I want to continue the discussion I started yesterday.
Is there a difference between “log management” and a “log management system”?

(more…)

Misquotes and Misinformation on PCI DSS Log Management

Sunday, April 6th, 2008

I always invite feedback and comments about my articles and books. I like to know what people have found useful as well as hear how I can improve upon my writing and see if there is any more information I could have added or expanded upon.
So, I was interested to see that Dr. Anton Chuvakin read one of my recent PCI DSS logging compliance papers and posted to his blog about it.
However, he made a significant misquote and provided misinformation, which provide good topics for discussion…

(more…)

Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse

Tuesday, April 1st, 2008

Today I just finished writing the last of a three-paper series, “The Essentials Series: PCI Compliance,” in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:

(more…)