[logs] Log Policy
Fenwick, Wynn
wynn.fenwick at cgi.com
Fri Feb 1 08:58:20 PST 2008
I would check out the following non-exhaustive list:
My PCI pointers are in scope if you are doing credit cards and the like.
My ISO 17799 pointers are based on an older version of ISO 270001.
Necessity for Existence
  - Enable Audit Logging (17799 §10.10.1)
External System Inputs, Process and Dependency
  - Link System Component Access to an Individual User (PCI §10.1)
  - File Integrity Checks (PCI §11.5)
Collection Scope, Filtering and Granularity
  - Log Message Contents (PCI §10.3)
Supported Operational Processes
  - Monitoring System Use (17799 §10.10.2)
  - Fault Logging Activities (17799 §10.10.5)
  - Log Review and Scope Definition (PCI §10.6)
Administration of Collection Systems
  - Separation of Duties (17799 §10.1.3)
  - Administrator Logs and Segregation of Duties (17799 §10.10.4)
Preservation of Forensic Value
  - Protection of Log Information (17799 §10.10.3)
  - Secure Audit Trails from Alteration (PCI §10.5)
  - Clock Synchronization (17799 §10.10.6)
  - Clock Synchronization (PCI §10.3)
Retention and Storage
  - Collection and Retention of Logs as Evidence (17799 §10.10.4)
  - Retention of Logs (PCI §10.7)
Hope it helps!
Wynn
--
Wynn Fenwick, GCIH, GCIA, ITIL
Chief Technical Architect
CGI Managed Security Solutions
Tel: (613) 740-5900 x5192
-----Original Message-----
From: loganalysis-bounces at loganalysis.org [mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Greg Vickers
Sent: Wednesday, January 30, 2008 8:27 PM
To: loganalysis at loganalysis.org
Subject: [logs] Log Policy
Hi,
I am drafting a Log Policy for the Queensland University of Technology and was wondering if any list members have such a policy (for their organisation or employer) that they would be willing to send me, or to point me at?
If you know of a good resource, or tips on writing such a policy, please let me know :)
Thanks,
--
Greg Vickers
IT Security Engineer & Project Manager
IT Security, Network Services,
Information Technology Services
Queensland University of Technology
L12, 126 Margaret St, Brisbane
Queensland, Australia
Phone: +61 7 3138 6902
Mobile: 0410 434 734
Fax: +61 7 3138 2921
Email: g.vickers at qut.edu.au
IT Security web site: http://www.its.qut.edu.au/itsecurity/
CRICOS No. 00213J