How to become an eCSI officer?
Most log messages traditionally come from three types of sources: the system logs of servers, network devices, and applications. To derive actionable, valuable business information from this vast amount of raw log data, it is necessary to collect, filter, and normalize messages from various sources and store them centrally so that they may be easily accessed for review or archived for compliance purposes.
One of the greatest challenges of IT is to prevent privileged users from performing actions in systems that are not allowed. While the activity of a website visitor is tightly limited, the same is not true for an employee and certainly not for a system administrator of the company. The freedom of users grows with their access level - the higher their rights in IT systems, the more risk they pose to the company.
Telecommunication firms, whose facilities are used by various users to process personal and business data, should handle confidential information with great care and apply an appropriate level of protection. In conclusion, telecommunication organizations need to establish and continuously improve an overall security management system that ensures the maintenance of appropriate controls.
Your system administrators are the most powerful users in the IT environment. They operate the whole IT infrastructure, containing sensitive data and critical company assets. If you are new to the position of CIO, you may have a headache when thinking of ways to monitor your staff and protect sensitive business data from IT people’s mistakes or manipulation.
While most employees are trustworthy, there are always employees who abuse the trust placed in them, and system administrators are no exception.
If you purchase a log management or SIEM tool, you might sit back with the conclusion that all your system audit and compliance problems are solved. Unfortunately, this rosy picture seems to ignore the ever-present problem of blind spots in audit reports: if your apps don't log it, your audit report won't show it...
There are several scenarios in which blind spots occur. For example, basic system administrator activities, such as firewall or web-server configuration, all carry a potentially high security risk for companies. We might think that these activities should generate sufficient log entries, but in actuality they do not.
The documents show the difference between event logging and activity monitoring in Linux and Windows environments by comparing standard system logging with complete session recording.
Besides growing competition, compliance with PCI DSS, HIPAA, Basel II or other legal regulations is an increasing challenge to companies. Security requirements concerning IT systems are very rigorous, but the implementation of the ISO/IEC 27001:2005 standard (hereafter referred to as ISO 27001) can be an obvious solution for setting up an information security management system.
It is a common experience among organizations that compliance with different security-related international standards places a great burden on IT experts as well as on business managers. Worries grow especially if an audit is approaching and no mistakes should be made. Unsurprisingly, the question frequently arises of how these increasingly rigorous requirements can be met with the least human resources and expenditure. There is no simple answer to this question. However, this document intends to describe the possibilities for company managers.
For many years, logging had been the exclusive privilege of IT experts. However, this has changed drastically: logging can now play a role in maintaining security that is of equal significance to its role in supporting specific business areas. When it covers several levels of the organization, its use is in many cases accompanied by clearly measurable business benefits, which should not be neglected from either the financial or the technological point of view.
The Ministry of Communications & Information Technology has recently published a letter for telecommunication providers of India. This letter describes specific technical requirements about Remote Access information.
According to the new requirements, telecommunication providers must take adequate measures to protect their subscribers' data and strictly control the remote access of third-party network service providers, especially if access is gained from outside of India.
Log messages can be used to detect security incidents, operational problems, and other issues like policy violations, and are useful in auditing and forensics situations. But collecting and analyzing log messages is also required directly or indirectly by several regulations, including the Sarbanes-Oxley Act (SOX), the Basel II Accord, the Health Insurance Portability and Accountability Act (HIPAA), or the Payment Card Industry Data Security Standard (PCI-DSS).
Cloud computing solutions offer several benefits, most notably scalable and flexible access to computing resources. However, the increased concentration of business data and computing power scales security risks as well, requiring special considerations and care from cloud providers. This paper aims to provide helpful solutions to cloud providers on the main security risks affecting clouds.
This document aims to briefly demonstrate the technological and business processes that led to the revaluation of log information to such an extent that its collection and processing has become one of the most essential tasks of contemporary corporate IT.
Furthermore, we attempt to identify those critical points of a central logging management project that determine its success the most. We hope that taking our six pieces of advice relating to these six points will substantially contribute to the successful professional activities of our readers.
Operating systems, applications, and network devices generate text messages about the events that happen to them: a user logs in, a file is created, a network connection is opened to a remote host. These messages, called log messages, can be used to detect security incidents, operational problems, and policy violations, and are useful in auditing and forensics situations.
At companies relying on VMware View infrastructure, users in different organizational units may be able to directly access and manipulate sensitive business information, such as financial or CRM data, personnel records and credit card numbers.