CFO responsibility to fund log analysis for Sarbanes-Oxley compliance

Ron Lepofsky from ERE Information Security had a great article, CFO responsibility to fund log analysis for Sarbanes-Oxley compliance, on SC Magazine. Here’s a summary SC Magazine provided: Corporations responsible for complying with Sarbanes-Oxley, face great hurdles with a basic compliance objective: analysis of their (server and security device) event logs. Some do not for [...]

More...
December 15th, 2004 | Jian Zhen | 1 Comment

What’s In A Log: Part 1

| Posted in General Techologies

Much ink has been spilled all over the web and in print writing about log management and analysis. Google returned over 640,000 hits for the search ‘“log management” OR “log analysis”‘. A whole technology segment has been created just for this purpose. IDC and Gartner both predicted that the log management space will be over [...]

More...
December 14th, 2004 | Jian Zhen | No Comments

How to calculate firewall log size requirement

| Posted in General Techologies

Someone googled for “how to calculate firewall log size requirement” and found this blog. Since google only pointed to my main site and not the specific article, here’s it is: Five Factors to Consider When Building Your Logging Infrastructure

More...
December 13th, 2004 | Jian Zhen | No Comments

What the heck is security event management, anyway?

| Posted in General Techologies

Techworld has an article on this topic. Unfortunately, Larry Lunetta made it sound like the whole SEM space is about IDS alerts reduction. It would be really sad if that’s all SEM products do. I think SEM is probably the wrong name for this space anyway. Most of the vendors mentioned in the article are [...]

More...
December 12th, 2004 | Jian Zhen | No Comments

rsyslog

| Posted in General Techologies

Rainer Gerhards announced the initial beta release of the rsyslog package, an alternate syslogd implementation. Rsyslog has been forked from the sysklogd package. It currently shares its base design but includes many important enhancements. Most importantly it supports – fully configurable output formats, including * high precision timestamps with year * access to each of [...]

More...
December 10th, 2004 | Jian Zhen | No Comments

Pros and Cons of MSSPs on Computerworld

| Posted in General Techologies

The two pieces I wrote on pros and cons of MSSPs are now on Computerworld. The pros and cons of MSSPs Part 1: 10 reasons to outsource security Part 2: Reasons to be wary. Seven shortfalls of outsourcing security

More...
December 9th, 2004 | Jian Zhen | No Comments

EU reconsiders new data retention laws

| Posted in General Techologies

According to this article, EU reconsiders new data retention laws, from Computerworld: Under draft legislation proposed by the UK, Ireland, Sweden and France in April, operators would have to keep for at least 12 months all data concerning the source, routing, destination, time, date and duration of communications as well as the location of the [...]

More...
December 8th, 2004 | Jian Zhen | No Comments

What factors should we consider in selecting security-log-auditing software?

| Posted in General Techologies

Information Week has a small blurb on What factors should we consider in selecting security-log-auditing software? I have also written here before on Five Factors of Logging Infrastructure.

More...
December 6th, 2004 | Jian Zhen | No Comments

Cons of using MSSPs

| Posted in General Techologies

Last week we went over some of the Pros of Outsourcing to MSSPs, today we will go over some of the Cons in more details. Here are the reasons why you should think twice before outsourcing. 1. Device control Once you outsource your security infrastructure such as firewalls and IDS, you may lose some or [...]

More...
December 5th, 2004 | Jian Zhen | No Comments
  • Page 2 of 2
  • <
  • 1
  • 2