The threat from hackers and cyberattackers has never been greater, and no company is too small, or too large, to fall victim to this danger. Whether you own a small mom-and-pop shop, a major multinational corporation or a business that is somewhere in between, you cannot afford to leave the security of your firm, and the customer information you collect, to chance.
That is why so many businesses are installing sophisticated software to detect security breaches, catch hacking attempts at their earliest stages and alert the IT staff at the first sign of trouble. But simply installing that software is not enough. In order to be useful, the results those security programs generate must be carefully analyzed, and that is what log monitoring is all about.
Log monitoring is more than just a good idea, and much more than a way for businesses to keep their customer data safe. Careful monitoring of security logs is also the law, and there are extensive regulatory requirements governing everything from the detection of cyberattacks and hacking attempts to the way successful and unsuccessful attempts at intrusion are handled and reported.
In fact, a large percentage of event management and log management activities are deployed to meet the requirements of regulatory compliance. Even so, the prescriptions regarding security practices in general, and log monitoring in particular, are often vague and confusing, making the job of the IT department that much harder and more complicated.
One of the biggest problems facing IT professionals and management teams alike is that the value of those security logs is often minimized, or even dismissed entirely. IT pros may recognize the value of security software and log monitoring, but convincing their bosses to allocate the required resources is often an uphill battle.
IT professionals can fight back against that complacency by focusing on the regulatory necessity of log monitoring and how carefully checking the daily security logs could shield the company from legal liability in the event of a breach. Getting the management team on board and demonstrating how log monitoring is the first line of defense is essential, and to do that IT professionals need a basic understanding of the applicable regulatory requirements.
Credit Card Regulations
Companies that accept credit cards must abide by the strictures of the Payment Card Industry Data Security Standard (PCI DSS). This regulatory standard requires that companies log specific details, and that they implement log review procedures designed to prevent credit card fraud and keep customer data safe.
At the heart of the PCI DSS regulations is Requirement 10, a section that is dedicated to logging and log management. This section of the PCI DSS code requires businesses to maintain logs for all system components. The regulation further requires businesses to review those logs on at least a daily basis.
The PCI DSS standard also requires businesses to implement file integrity monitoring and ensure that they have change detection software in place to make sure logs cannot be changed without triggering an alert to the appropriate IT staff members.
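As an added illustration of the change-detection idea behind that requirement (example code written for this page, not part of the article or of any PCI DSS tooling), the hypothetical checker below keeps a baseline of each log file's recorded length and the digest of exactly those bytes, so that ordinary appends pass while in-place edits or truncation of earlier entries are flagged; the log lines and the `auth.log` file name are constructed sample data.

```python
import hashlib
import os
import tempfile

def _digest_prefix(path, length):
    """SHA-256 of the first `length` bytes of the file (read in one go; fine for an example)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read(length)).hexdigest()

def take_baseline(path):
    """Record the current size plus the digest of exactly those bytes."""
    size = os.path.getsize(path)
    return {"size": size, "digest": _digest_prefix(path, size)}

def check_log(path, baseline):
    """Return (status, baseline). Logs legitimately grow, so only the
    previously recorded prefix is compared: "appended" and "unchanged"
    advance the baseline, "truncated" and "tampered" are the alert cases."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated", baseline          # earlier entries deleted
    if _digest_prefix(path, baseline["size"]) != baseline["digest"]:
        return "tampered", baseline           # earlier entries rewritten
    if size == baseline["size"]:
        return "unchanged", baseline
    return "appended", take_baseline(path)    # new entries only

def demo():
    """Constructed sample: baseline, legitimate append, in-place edit, truncation."""
    statuses = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "wb") as f:
            f.write(b"2024-01-01T00:00:01 login ok user=alice\n")
        base = take_baseline(log)
        statuses.append(check_log(log, base)[0])        # unchanged
        with open(log, "ab") as f:
            f.write(b"2024-01-01T00:00:02 login failed user=bob\n")
        status, base = check_log(log, base)
        statuses.append(status)                          # appended
        with open(log, "r+b") as f:                      # rewrite the first entry
            f.write(b"2024-01-01T00:00:01 login ok user=mallo")
        statuses.append(check_log(log, base)[0])        # tampered
        with open(log, "wb"):                            # wipe the file
            pass
        statuses.append(check_log(log, base)[0])        # truncated
    return statuses
```

In a real deployment the baseline itself would be stored somewhere the log writer cannot modify, otherwise an attacker who can rewrite the log can rewrite the baseline too.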
ISO 2700x Compliance
The ISO standards should be familiar to members of upper management, but those key players may not understand the specific requirements of ISO 2700x. The ISO 2700x standards provide guidance for the management and security of information systems, including the retention of audit logs.
In order to remain compliant with the ISO 2700x standards, businesses must make sure that audit logs are turned on for all applicable security events, including user activities, logon attempts and exceptions. It is important for companies to retain the applicable audit logs for the required period of time, and to keep them available for review by auditors, government regulators and others with a need to know.
Understanding the ins and outs of the regulatory framework is no easy task, but having a basic understanding of how these regulations work and where they fit into the big picture is essential. Log monitoring is a vital part of computer security in the digital age, and neglecting that monitoring could have disastrous consequences. By arming themselves with information and presenting their findings to the management team, IT professionals can get the support they need to keep their systems safe and secure and keep their companies out of regulatory and legal hot water.