IT Auditing
From NotRocket wiki
There is no such thing as 100% security.
There is no such thing as "tamper proof". The best you can ever hope for is "tamper evident" and "tamper resistant". Typically, as long as it takes two compromised people to hide any given event, that will pass an audit. There should be no built-in way for a single administrator to alter audit trails.
Most of the requirements are only that fraud be detectable. That is, the data need not be unalterable so long as any alteration is detectable. Auditors want processes and records to raise the barrier to someone doing something wrong or unrecorded.
see also IT Auditing Solutions
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes-Oxley Act (SOX)
PCI DSS
PCI is weaker than HIPAA or SOX and is much more open to interpretation.
https://www.pcisecuritystandards.org/
Any PCI compliance solution must not only store log info but also let you analyze it.
PCI DSS 1.0
PCI DSS 1.1
PCI DSS 1.1 adds a concern about the authenticity of the originating data. The point of keeping a central copy of the logs is that a modification on either side can be readily detected and investigated.
- Authors of the data (the logging servers) cannot modify it after it is stored. "Immutable" here does not mean immutable to everyone, but immutable to the server that produced the data.
- Encrypt all security data (logs, etc.) while in network transit (this may only be necessary if the logs themselves carry sensitive data, e.g. patient data).
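The tamper-evident property described above, as an added example that is not from the original page: a hash-chained log in which each entry's digest covers the previous one, plus a comparison of the originating server's copy against the central copy. The sample audit events are constructed for the demonstration.

```python
import copy
import hashlib
import json

# Constructed sample audit events (not from the original page).
SAMPLE_EVENTS = [
    {"ts": "2007-03-01T10:00:00Z", "user": "alice", "action": "login"},
    {"ts": "2007-03-01T10:05:12Z", "user": "alice", "action": "view_record", "id": 42},
    {"ts": "2007-03-01T10:06:30Z", "user": "bob", "action": "login"},
]
GENESIS = "0" * 64

def entry_digest(prev, event):
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))  # canonical form
    return hashlib.sha256((prev + body).encode()).hexdigest()

def build_chain(events):
    # Each digest covers the previous one, so rewriting an earlier entry is evident, not prevented.
    chain, prev = [], GENESIS
    for ev in events:
        digest = entry_digest(prev, ev)
        chain.append({"prev": prev, "event": ev, "digest": digest})
        prev = digest
    return chain

def verify_chain(chain):
    # Index of the first entry whose link or digest does not check out, else None.
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["digest"] != entry_digest(prev, rec["event"]):
            return i
        prev = rec["digest"]
    return None

def compare_copies(local, central):
    # Index of the first digest that differs between the two copies, else None.
    for i, (a, b) in enumerate(zip(local, central)):
        if a["digest"] != b["digest"]:
            return i
    return None if len(local) == len(central) else min(len(local), len(central))

def demo():
    local = build_chain(SAMPLE_EVENTS)
    central = copy.deepcopy(local)  # copy shipped to the central log store at write time
    local[1]["event"]["user"] = "mallory"  # in-place rewrite on the originating server
    naive_break = verify_chain(local)  # 1: the local chain no longer verifies
    # Re-chaining makes the local copy verify again, but the central copy still differs.
    local = build_chain([r["event"] for r in local])
    return {"naive_break": naive_break, "rechained_verifies": verify_chain(local) is None, "first_mismatch": compare_copies(local, central)}
```

The second half of `demo()` is the reason the page insists on a central copy: a server that can rewrite its own chain end to end passes a local check, and only the off-box copy exposes the change.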
NASD 3010
SEC 17a-4
Commercial off-the-shelf Products
- SenSage is a commercial log storage product/archiver designed for Linux clusters and built on open source software
http://www.sensage.com/English/Solutions/compliance-commerce-privacy.htm
- EMC ships their Centera with a very good software package from SenSage built specifically for log storage/analysis and compliance.
