Archive for November, 2005
The Top Five I.T. Control Weaknesses
Wednesday, November 30th, 2005
I am surprised I didn’t post this one. In any case, here it is.
The Top Five I.T. Control Weaknesses by BEN WORTHEN.
- Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner.
- Lack of proper oversight for making application changes.
- Inadequate review of audit logs.
- Failure to identify abnormal transactions in a timely manner.
- Lack of understanding of key system configurations.
This is the sidebar for the article How To Dig Out From Under Sarbanes-Oxley.
Another sidebar for the same article, Sarbanes-Oxley Compliance and the CIO: Year Two.
Steps for managing risk
Wednesday, November 23rd, 2005
Good article on risk management on Computerworld by Samir Kapuria.
In this article, Samir described a three-step process that a security assurance team should take for risk management. The only thing I would recommend changing is to separate the incident response step from the Application step. Right now Samir has both mixed into one.
The risk management process is continuous; it should never be considered a point-in-time solution.
Webcast: 8 Key Steps to Monitor HIPAA Compliance
Wednesday, November 23rd, 2005
This is quite a webcast. LogLogic did one not too long ago and there’s such a demand that it will be re-broadcast LIVE.

Credit card fees on foreign charges
Wednesday, November 23rd, 2005
So I have been doing quite a bit of international traveling, both business and personal. I am slowly finding out there is evil in credit card companies. For example, I have been using a Citi card for most of the charges. Every time the clerk swipes my card, 3% is added to the purchase amount. If I were to use an Amex, that’s an additional 2% on top of the purchase amount.
This is crazy!! It’s not like they have to do anything. When the bank receives the $$, it’s already in US$!!
In any case, here are some articles that explain the details:
- Uncovering credit card costs on foreign charges
- Look out for fees on foreign charges
- 7 rules for using your card overseas
- New credit card fees take a further swipe at dollar
There are a lot more articles on the web. You can search for them yourself.
In any case, most of these articles recommend getting a Capital One card that does not charge the extra fee. I think that’s what I’ll do and cancel the others.
Drilling Down on Security Data
Monday, November 21st, 2005
Q1 Labs’ entry into the SEM market. Seems like they are competing with the Cisco MARS product.
How to Fund a Startup
Monday, November 21st, 2005
A friend pointed me to this article on How to Fund a Startup by Paul Graham. Very good summary of the different funding options.
Evaluating Security Startups
Monday, November 21st, 2005
Richard Stiennon recently wrote an article on Evaluating Security Startups. In this article, Richard listed six rules that he uses to evaluate products from security startups.
Even though the article’s got some points, I can’t say I agree with everything he says. As an example, in the article, Richard said, “Security is all about countering threats.” Well, that’s not always true.
Security is really about risk mitigation. It’s about mitigating the risk of
As described in many of the CISSP materials, a risk is the possibility that something may happen and a threat is the specific use or attempted use of a risk.
Richard also said that, “many organizations mistake a need for data management, reporting, and records keeping as a security requirement.”
Well, again, if you are purely looking from a countering-threats perspective, this may be true, but that’s because Richard got it wrong in the first place. From a risk mitigation perspective, this is absolutely critical to do. In order to identify the risks inherent in any organization, you have to manage the data and be able to identify the risks that occur when users are using the systems. Users may not realize that they are violating any security policies, but the fact that they were able to do something outside of the access list should indicate a risk.
In the middle of the article, Richard said,
Do not make the mistake venture capitalists made in backing almost a dozen security event management (SEM) companies. Instead, ask yourself why you have so many security events to manage? Shouldn’t you be talking to companies that reduce your exposure and block attacks rather than those that help you manage your exposure?
Ok, I am speechless. I mean, that seems like a pretty narrow view of security. If all you are looking to do is reduce external exposures and block attacks, sure (even then, how do you guarantee that all attacks are blocked successfully?). But coming from Gartner, he should know that the majority of the abuses are internal and they don’t come in the form of attacks.
Managing the infrastructure data (full disclosure, in case you didn’t see it from the right-hand side: I work for LogLogic, the log management company) is absolutely critical in mitigating risks. Not only does it allow you to go back and figure out what happened in case something happens, the infrastructure data also allows one to review previous history and identify possible risk areas, whether the risk is security or operational related.
In any case, the article raises good questions. I am not sure the answers are sufficient though.
LogLogic, the world’s first log management appliance vendor, enters China for the first time
Sunday, November 20th, 2005
Our recent trip to China included a press conference with many of the top newspapers and IT magazines in China. Here’s a press piece that appeared on DoSTOR.
In today’s fiercely competitive business environment, the demand for log storage and data processing will keep growing, and enterprises increasingly plan for it as part of their infrastructure; log management has become a new trend in IT management worldwide. LogLogic has therefore been the first to propose the concept of “intelligent log lifecycle management”: collecting, aggregating, storing, archiving, analyzing, alerting on and monitoring log data in real time. This effective management approach can optimize network operation and improve network availability and security; provide reliable network information auditing; simplify the work required to comply with industry regulations, thereby greatly reducing operating costs; and support IT decision-making and risk management.
Photos from the LogLogic China trip
Sunday, November 20th, 2005
Logs need attention, too!
Saturday, November 19th, 2005
Douglas Schweitzer had this to say regarding my article on Steps for preserving the integrity of log data.
He’s absolutely right. He also previously wrote an article, Don’t Ignore Lowly Log Analysis.
Follow up on “Searching for Root Cause”
Tuesday, November 8th, 2005
Anton Chuvakin has posted some comments regarding my “Searching for Root Cause” article.
Anton Chuvakin is a great guy. Very smart and definitely knows a lot about log analysis. I have the highest respect for him.
However, I think he misunderstood the article. In his comments, he said that “the article claims that you have to search logs in order to discover the real issue.”
This is definitely somewhat of an overstatement. My article does not claim that the only way to troubleshoot issues and determine root cause is through searching. Searching, however, is and will always be one of the ways admins use to troubleshoot issues. No amount of intelligence or reporting or whatever will replace drilling down into the details of the logs to determine root causes.
Many tools today will help float the issues and problems to the top so admins will notice the problem faster. Then the admins will need tools to drill down and find out exactly what the cause of the problem is. Search is one of those tools. Others may include further drill-down on the reports.
Full-text indexed search is a much faster way to search. You can obviously insert all the logs into MySQL or some other database and utilize the database to do the indexing. However, that only carries you so far, as database insertion slows down dramatically and can only handle a small number of messages per second.
The only real method to do it is to utilize existing full-text indexing technologies to index log data. A great book on this topic is Managing Gigabytes.
Anton is correct in that the search technology can also be extended to determine and highlight the root cause. This is definitely true and possible to implement. I believe we will see tools, open source or commercial, with this type of feature in the near future.
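To make the full-text indexing point concrete, here is a minimal inverted index over log lines with an AND query that intersects posting lists, added here as an illustration and not code from the original post or from any LogLogic product. The log lines, the tokenizer and the `search` function are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original post).
LOG_LINES = [
    "Nov 23 10:01:02 fw1 kernel: DENY TCP 10.0.0.5:51234 -> 192.168.1.10:22",
    "Nov 23 10:01:05 web1 sshd[2211]: Failed password for root from 10.0.0.5 port 51240 ssh2",
    "Nov 23 10:01:09 web1 sshd[2211]: Accepted password for alice from 10.0.0.7 port 51001 ssh2",
    "Nov 23 10:02:14 db1 mysqld: disk full on /var/lib/mysql, writes suspended",
    "Nov 23 10:02:15 web1 app[4412]: ERROR database write failed: disk full",
]

# Tokens keep dots and slashes so IP addresses and paths survive whole;
# ':' is excluded so "host:port" splits into a searchable address.
TOKEN_RE = re.compile(r"[A-Za-z0-9_./-]+")


def tokenize(text):
    """Lowercased set of terms in one line (set: one posting per line per term)."""
    return {t.lower() for t in TOKEN_RE.findall(text)}


def build_index(lines):
    """Inverted index: term -> posting list of line ids, in ascending order."""
    index = defaultdict(list)
    for doc_id, line in enumerate(lines):
        for term in tokenize(line):
            index[term].append(doc_id)
    return index


def search(index, query):
    """AND query over the index. Intersect the shortest posting list first so a
    rare term (an IP, a hostname) prunes the candidate set early."""
    postings = [set(index.get(term, ())) for term in tokenize(query)]
    if not postings or any(not p for p in postings):
        return []  # unknown term, or empty query: no line can match
    postings.sort(key=len)
    hits = postings[0]
    for p in postings[1:]:
        hits &= p
        if not hits:
            break
    return sorted(hits)


if __name__ == "__main__":
    idx = build_index(LOG_LINES)
    for line_id in search(idx, "disk full"):  # drill down to the matching lines
        print(LOG_LINES[line_id])
```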
Love to hear more thoughts from everyone on this topic.
Chinese translation for “What to do before an IOS disaster strikes”
Tuesday, November 8th, 2005
This is funny. Someone named “Fish” translated an article I wrote a while back on What to do before an IOS disaster strikes into Chinese.
Fish, assuming he did the translation, did a pretty good job of translating the whole article. Can’t say how legal it is since he most likely does not have permission from Computerworld to do so.
Regardless, I do appreciate the effort for the translation and spreading the word out.
Searching for Root Cause
Monday, November 7th, 2005
In a previous column, I outlined the five steps in the problem management process: detection, identification, determination, resolution and reflection [article]. I explained how new technologies will be required to help IT administrators determine the root causes of IT problems.
But how do IT administrators determine them today?
I have written an article on how search technology can help in finding root cause.
Steps for preserving the integrity of log data
Friday, November 4th, 2005
To respond to an article I discussed in a previous post, I wrote this article on Steps for preserving the integrity of log data, which is published by Computerworld.
This article describes the importance of preserving unaltered log data for court admissibility, enabling trust and accelerating investigation and troubleshooting.
