Network logs
usually capture access, up time, modification attempts, etc. Adequacy will
depend on what the organization is looking for and what they do with the
information once it is received.
Looking at it from this angle, one of the first
things that needs to be determined is why is the organization logging certain
things. If they don't know why they are logging, they probably can not
define what an exception is, and therefore do not know when or what action
should be taken.
Richard Lowery
Senior IS Auditor, CISA, CRP
First National Bank of
Omaha
[Lowery, Richard] -----Original Message-----
From: James Shannahan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 11, 2002 8:27 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Question on Network Logging
at the general internal controls level, without getting technical, you would be interested to know what kinds of network activity the organization logs, and more importantly who reviews the logs and do they take action when exceptions are noted? logs dont function as controls if no one looks at them and takes action.....once you are past the general concepts, based on the organization, there may be specific logging requirements from their regulatory bodies and from management or Best Practices, otherwise known as Common Sense.............for example, if the organization is involved in research and development of proprietary information, one would reasonably expect greater protection efforts aimed at that data.........but a sales oriented organization would make part of its network open to the world in search of new customers.........and in the public sector, open records laws require access to records but not their modification.....so we are back to the old accounting jokes where the punch line is: It depends.....James Shannahan, CCP, CSQA, CISA
Sr. Information Systems Auditor
City of Milwaukee (Wisconsin, not North Carolina)
[EMAIL PROTECTED]
414 286 2382*neither the Comptroller nor I speak for each other*
>>> Jim Kaplan <[EMAIL PROTECTED]> 12/10/02 9:04:31 PM >>>
An AuditNet user submitted the following question. As I am not a technical
auditor I thought I would pose the question to the list.
I am an internal auditor and have been asked to review the network logging
procedures for adequacy. What kinds of things should a company log and review?
