Randy,
Good work, it will be interesting to discuss.
One thing to add to the "regulatory" heap is ISO 27001. Although it is
not itself a regulation, it is a fairly widely used standard for security
management. It has controls for audit logging and protection of logs. It
says that audit logs should include, when relevant:
> a) user IDs;
> b) dates, times, and details of key events, e.g. log-on and log-off;
> c) terminal identity or location if possible;
> d) records of successful and rejected system access attempts;
> e) records of successful and rejected data and other resource access
> attempts;
> f) changes to system configuration;
> g) use of privileges;
> h) use of system utilities and applications;
> i) files accessed and the kind of access;
> j) network addresses and protocols;
> k) alarms raised by the access control system;
> l) activation and de-activation of protection systems, such as
> anti-virus systems and intrusion detection systems.
For protection, it focuses on integrity, not confidentiality:
> a) alterations to the message types that are recorded;
> b) log files being edited or deleted;
> c) storage capacity of the log file media being exceeded, resulting in
> either the failure to record events or over-writing of past recorded events.
--
Regards,
Brian Smithson
PM, Security Research
PMP, CSM, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435
Randy Turner wrote:
> Hi All,
> I had an action item (one of many I understand) to generate some thoughts on my earlier proposal for work on a common log format for hardcopy devices. Attached is a PDF doc with a brain-dump of what I'm thinking at the moment on this topic.
> Let me know what you think.
> If any of the security-related aspects of this doc intersect or overlap with what is documented in any of the p2600 work, please let me know.
> Thanks!
> Randy
> (SEE ATTACHED)