Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Data Management
Storage
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Steps for preserving the integrity of log data

Jian Zhen   Today’s Top Stories    or  Other Storage Stories  
 

Sign up to receive Security Resource Alerts

November 03, 2005 (Computerworld) -- In the past few years, companies have spent billions of dollars to update their IT infrastructures to meet requirements from various government regulations such as Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act.
One of the more noticeable and most important recommendations of these regulations is record-keeping. For example, Sarbanes-Oxley recommends that all companies "maintain financial records for seven years." In order to ensure the accuracy of corporate financial and business information, this recommendation also pertains to records that are used to "audit unauthorized access, misuse and fraud." Other regulations such as HIPAA also recommend keeping records for up to six years.
Altered log data prohibits court admissibility
The integrity of information is crucial when submitting evidence to the court. Just like crime-scene evidence, which prosecutors must prove hasn't been tampered with, electronic data submitted to the court must adhere to the same stringent requirements. As such, log data generated by the IT infrastructure also has to be archived in its original and unaltered format.
Reports generated from the logs are usually insufficient to convince the other side (defense or prosecution) that they haven't been tampered with. Lawyers from either side may question the accuracy of the reports and will want to perform their own analyses. For example, if you claim that someone has sent out data from the Sarbanes-Oxley-related financial servers, how do you substantiate that claim? Tampered data can't be used as evidence to prove your claim. In these scenarios, unaltered logs have to be provided.
In addition to the unaltered logs, evidence may be needed to prove that the logs weren't tampered with. Some companies have chosen to digitally sign the log files collected and then keep the digital signatures at a location separate from the logs. Others have chosen to store logs on WORM (write once, read many) drives such as CD-ROM/DVD-ROM or storage devices such as EMC Corp.'s Centera. Both processes ensure that tampering of logs can be detected or prevented.
Documented collection processes enable trust
But why would the court or the auditors trust the archived unaltered logs? Auditors are always looking to see whether the log data can be tampered with or modified at any point during the collection process.

Continued...
1 | 2 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"Both Google and Apple appear to be rolling out new solid state disks in two different environments: the data center..." Read more...
"It's IT Blogwatch: in which Sun finally releases OpenSolaris, but with a surprising, cloud-computing twist, courtesy of Amazon EC2. Not..." Read more...
Read more Storage posts or See all Blogs

Tools circulate that crack Debian, Ubuntu keys
Former Microsoft manager offers free fix for XP SP3 'endless reboot'
Can Icahn take on the Yahoo board and win?
More top stories...
DNS trouble knocks NSA off Internet
Developers confirm, explain why they're avoiding Windows Vista
NASA moves to save computers from swarming ants

Shuttle Columbia's hard drive data recovered from crash site
Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive.
The top 15 vaporware products of all time
These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't.
Opinion: Malware vs. anti-malware, 20 years into the fray
Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle.
Leopard at six months: Does it live up to the early hype?
Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Enterprise-Class Security Zone
Enterprise Solutions Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
The Data Center Management Zone


Ads by TechWords

See your link here
Critical Considerations for Data De-duplication
Critical Considerations for Data De-duplication
Register for this live webcast, airing May 22nd at 2pm ET!
Go to the webcast 
Computerworld Technology Briefing: Automation + Virtualization = Datacenter Optimization
Download this Technology Briefing now!
(Source: CA) Apart from its merits, virtualization can introduce new levels of complexity into the datacenter. The complexity can impede the freeing up of valuable human resources to work on more strategic projects. What are needed are tools and solutions to help IT optimize resources while ensuring performance, availability, and business continuity.
Download this executive briefing download
The Missing Piece of Virtualization
Get this white paper now!
(Source: Neterion) Server virtualization saves money and increases flexibility.  But it faces some real limits.  Currently, I/O-intensive applications like databases or ERP systems are often excluded from virtualization, due to bottlenecks that are introduced by extra layers of software.

I/O virtualization changes the game.  With new industry-standard technologies and 10 Gigabit Ethernet, hardware-based IOV eliminates these bottlenecks, enabling higher numbers of VMs and applications per virtualized system. To uncover new cost saving opportunities, read this new whitepaper and find the missing piece of virtualization.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Six Support Issues That Keep Execs Awake at Night
Spam Spikes: A Real Risk to Your Business
The New Foundation of Storage: Xiotech's Intelligent Storage Element
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.