[logs] Summary of laws related to auditing and logging
Anton Chuvakin
anton at chuvakin.org
Tue Jul 10 16:40:58 PDT 2007
This thingie might fit as well:
http://www1.tools.ietf.org/html/draft-jones-opsec-06
since it has a section on logging:
"2.11 Event Logging Requirements
2.11.1 Logging Facility Uses Protocols Subject To Open Review
Requirement.
The device MUST provide a logging facility that is based on
protocols subject to open review. See Section 1.8. Custom or
proprietary logging protocols MAY be implemented provided the same
information is made available."
On 7/9/07, Tina Bird <tbird at precision-guesswork.com> wrote:
>
> Hi all -
>
> I've just finished a stab at a summary of laws and standards related to IT
> auditing and logging:
>
> http://www.splunk.com/base/HOWTOidentifyrelevantdataretentionperiods
>
> (never mind the name in the URL; the article developed a bad case of scope
> creep).
>
> I'd love comments and additions. In particular, I'm nearly entirely ignorant
> of the current status of such regulations in parts of the world other than
> the U.S. I'll be seeing what I can turn up with Google, but contributions
> from better-educated list members would be much appreciated. Especially if
> they include URLs.
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
More information about the LogAnalysis
mailing list