NIST Special Publication 800-92

NIST Special Publication 800-92, "Guide to Computer Security Log Management", establishes guidelines and recommendations for securing and managing sensitive log data. The publication was prepared by Karen Kent and Murugiah Souppaya of the National Institute of Standards and Technology (NIST) and published in the SP 800 series, a repository of best practices for the information security (InfoSec) community. Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time.

Background

Effective security event logging and log analysis is a critical component of any comprehensive security program within an organization. It is used to monitor system, network and application activity. It serves as a deterrent to unauthorized activity and provides a means to detect and analyze an attack so that the organization can mitigate or prevent similar attacks in the future. However, security professionals face a significant challenge in determining which events must be logged, where and for how long to retain those logs, and how to analyze the enormous amount of information that can be generated. A deficiency in any of these areas can cause an organization to miss signs of unauthorized activity, intrusion and loss of data, which creates additional risk.

Scope

NIST SP 800-92 provides a high-level overview of, and guidance for, the planning, development and implementation of an effective security log management strategy. The intended audience for the publication includes the general information security (InfoSec) community involved in incident response, system, application and network administration, and managers.

NIST SP 800-92 defines a log management infrastructure as having four major functions:

General - log parsing, event filtering and event aggregation;
Log storage - rotation, archival, compression, reduction, normalization, integrity checking;
Log analysis - event correlation, viewing and reporting;
Disposal - clearing.

NIST SP 800-92 addresses the following security log management challenges:

Log volume exceeding the rate of analysis;
Ensuring immutability during storage and transmission;
Inconsistent vendor log formats;
The importance of a consistent review schedule;
Retention issues involving purging, long-term storage and cost.

NIST SP 800-92 makes the following recommendations for security log management:

Establish policies and procedures for log management;
Prioritize log management appropriately throughout the organization;
Create and maintain a log management infrastructure;
Provide proper support for all staff with log management responsibilities;
Establish standard log management operational processes.

Compliance

The following regulations and industry standards require the proper handling and storage of sensitive log data:

HIPAA (Health Insurance Portability and Accountability Act of 1996). Requires the safeguarding of personal health information.
SOX (Sarbanes-Oxley Act of 2002). Requires record keeping of financial and IT log related data.
GLBA (Gramm-Leach-Bliley Act). Requires the protection of PII (personally identifiable information).
PCI DSS (Payment Card Industry Data Security Standard). Requires the protection of consumer credit card information, including during storage and transmission.
FISMA (Federal Information Security Management Act of 2002). Stipulates federal requirements for managing government network systems and data. Its log management guidelines cover the generation, review, protection and retention of audit records, as well as the actions to be taken on audit failure.
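The following is an added worked example, not code from NIST SP 800-92 or from NIST, that puts the infrastructure functions and challenges listed under Scope into running Python: it parses two constructed vendor formats (an RFC 3164-style sshd line and a key=value firewall line) into one common schema, filters and aggregates the normalized events, correlates them across sources, and protects the archived lines with a SHA-256 hash chain so that any later modification is detectable. The host names, addresses and log lines are constructed sample data, and the function names are this example's own.

```python
"""Added worked example (not from NIST SP 800-92): a miniature log management
pipeline covering parsing, normalization, filtering, aggregation, correlation
and hash-chain integrity checking over constructed sample log lines."""
import hashlib
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input (hypothetical hosts, RFC 5737 documentation addresses):
# RFC 3164-style sshd lines, key=value firewall lines, and one unrecognisable line.
SAMPLE_LOGS = [
    "Mar  1 12:00:01 web01 sshd[1042]: Failed password for root from 203.0.113.7 port 5122 ssh2",
    "Mar  1 12:00:03 web01 sshd[1042]: Failed password for root from 203.0.113.7 port 5123 ssh2",
    "Mar  1 12:00:09 web01 sshd[1050]: Accepted publickey for deploy from 198.51.100.4 port 6001 ssh2",
    "ts=2024-03-01T12:00:02Z host=fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "ts=2024-03-01T12:00:05Z host=fw01 action=allow src=198.51.100.4 dst=10.0.0.5 dport=443",
    "this line is not in any known format",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
IP_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")
SUSPICIOUS = frozenset({"auth_failure", "deny"})


def parse_line(line, year=2024):
    """Log parsing: map one line of either vendor format onto the common schema
    {timestamp, host, source, action, src_ip}; return None if unrecognised."""
    m = SYSLOG_RE.match(line)
    if m:
        # RFC 3164 timestamps carry no year or zone: assume the given year, UTC.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        action = ("auth_failure" if msg.startswith("Failed password")
                  else "auth_success" if msg.startswith("Accepted") else "other")
        ip = IP_RE.search(msg)
        return {"timestamp": ts.replace(tzinfo=timezone.utc), "host": m["host"],
                "source": m["app"].strip(), "action": action,
                "src_ip": ip.group(1) if ip else None}
    kv = dict(KV_RE.findall(line))
    if all(k in kv for k in ("ts", "host", "action")):
        ts = datetime.strptime(kv["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return {"timestamp": ts.replace(tzinfo=timezone.utc), "host": kv["host"],
                "source": "firewall", "action": kv["action"], "src_ip": kv.get("src")}
    return None


def normalize(lines):
    """Normalization: parse every line, returning (events, unparsed) so lines in an
    unknown vendor format are reported rather than silently dropped."""
    events, unparsed = [], []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed.append(line)
        else:
            events.append(event)
    return events, unparsed


def filter_events(events, actions=SUSPICIOUS):
    """Event filtering: keep only the actions an analyst wants to review."""
    return [e for e in events if e["action"] in actions]


def aggregate(events):
    """Event aggregation: collapse repeated (src_ip, action) pairs into counts."""
    return Counter((e["src_ip"], e["action"]) for e in events)


def correlate(events):
    """Event correlation across sources: addresses that were both denied by the
    firewall and failed authentication on a host."""
    denied = {e["src_ip"] for e in events if e["action"] == "deny"}
    failed = {e["src_ip"] for e in events if e["action"] == "auth_failure"}
    return denied & failed


def hash_chain(lines, seed="0" * 64):
    """Integrity checking: each SHA-256 digest covers the previous digest plus the
    line, so editing, deleting or reordering any archived line alters every later digest."""
    digests, prev = [], seed
    for line in lines:
        prev = hashlib.sha256(f"{prev}\n{line}".encode()).hexdigest()
        digests.append(prev)
    return digests


def verify_chain(lines, digests, seed="0" * 64):
    """Recompute the chain over the stored lines and compare with the stored digests."""
    return hash_chain(lines, seed) == digests


if __name__ == "__main__":
    events, unparsed = normalize(SAMPLE_LOGS)
    print(f"parsed {len(events)} events, {len(unparsed)} unparsed")
    print("aggregated:", dict(aggregate(filter_events(events))))
    print("correlated sources:", correlate(events))
    chain = hash_chain(SAMPLE_LOGS)
    tampered = [SAMPLE_LOGS[0].replace("root", "admin")] + SAMPLE_LOGS[1:]
    print("intact:", verify_chain(SAMPLE_LOGS, chain), "tampered:", verify_chain(tampered, chain))
```

Run stand-alone, the block reports five parsed events and one unparsed line, two failed logins and one firewall deny from 203.0.113.7, that address as the only correlated source, and a chain that verifies over the original lines but fails once a single archived line is altered. A hash chain only detects tampering if the digests are kept where the log writer cannot rewrite them, for example on a separate collector or in write-once storage; an attacker with write access to both the lines and the chain can simply recompute it, which is the practical content of the challenge the guide lists as ensuring immutability during storage and transmission.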
References

"NIST Publications". NIST Computer Security Resource Center. Retrieved 26 February 2015.
Kent, Karen; Souppaya, Murugiah (2006). "Guide to Computer Security Log Management" (PDF). NIST SP 800-92: ES-1, 1-1. doi:10.6028/NIST.SP.800-92. S2CID 221183642.
Butler, Vincent; Dorsey, Tom; Robinson, Ken (August 3, 2014). "Building a Logging Strategy for Effective Analysis": 3.
Kent, Karen; Souppaya, Murugiah (2006). "Guide to Computer Security Log Management" (PDF). NIST SP 800-92: 3-3, 3-4. doi:10.6028/NIST.SP.800-92. S2CID 221183642.
Radack, Shirley. "Editor". ITL.NIST.gov. NIST. Retrieved 26 February 2015.
"Summary of HIPAA Security Rule". Health and Human Services. 20 November 2009. Retrieved 26 February 2015.
"Sarbanes-Oxley Act of 2002". A Guide to the Sarbanes-Oxley Act. Addison-Hewitt. Retrieved 26 February 2015.
"Gramm-Leach-Bliley Act (Privacy of Consumer Financial Information)" (PDF). FDIC.gov. FDIC. Retrieved 26 February 2015.
"Payment Card Industry Data Security Standard" (PDF). Security Standards Council. 2013. Retrieved 26 February 2015.

External links

NIST Special Publication 800-92

Categories: Information privacy; National Institute of Standards and Technology; Security compliance

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
