It's great listening to the conversation of the experts; thanks, Bunny, for
asking the question.  It would seem to me you'd want to retain just enough
information to statistically test your objectives...and we're not talking
6sigma...  On balance, just like all other areas of healthcare, should be
the rule.
----- Original Message -----
From: "St. Clair, James" <[EMAIL PROTECTED]>
To: "'Sheffel, William'" <[EMAIL PROTECTED]>; "'Street, Bunny'"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, March 13, 2002 12:00 PM
Subject: RE: retention of documentation


> I think this is where "Due Diligence" factors in. There is no reason to
> expect a rule where you are to retain 100's of gigs of log data,
> particularly because the more you have the less effective it becomes, unless
> you have corresponding computer power to one day slog through a terabyte of
> data looking for a historical occurrence.
>
> The real value is the ability to reduce a day's worth of port scans down to
> relevant data, as William mentioned, and then retain that for some period of
> time. Even that could be a lot of data, however.
>
> Jim St.Clair
> Critical Infrastructure Protection
> Vredenburg
> (703) 412-4611
>
>
> -----Original Message-----
> From: Sheffel, William [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 5:40 PM
> To: 'Street, Bunny'; [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
> Subject: RE: retention of documentation
>
>
> While the time frame for the retention of Audit Logs is unclear at this
> time, the bigger issue is, do you have the technical capability to monitor
> your logs in real-time or with some short latency period? Have you been able
> to define what constitutes a violation of your policy for access? Can you
> monitor policy violations from log data?
>
> If you have the technical capability to reduce log data to events
> (activities which may violate policy) and then investigate events and boil
> them down to Incidents (activities which have violated policy and require
> some focused action to remediate the events), then you may only need to
> retain the Event and/or Incident data from the logs. Depending on the size
> of your organization, log data from various applications, servers and network
> appliances may require 100's of gigabytes of offline storage and will in
> some cases require Terabytes of offline storage for log data. Storage of
> Events and/or Incidents may reduce your storage needs on an order of
> magnitude ranging from 20 to 100.
>
> Best to have a plan on how to capture, analyze, and reduce log data to
> reportable and actionable Incidents prior to spending lots of $$ on mass
> storage devices.
>
> Contact me off line if you have additional questions.
>
> William Sheffel
> Healthcare Practice Leader
> Veritect
>
> 703-851-3075
>
> -----Original Message-----
> From: Street, Bunny [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 1:34 PM
> To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
> Subject: RE: retention of documentation
>
>
> Thanks to everyone for all the responses. While I am familiar with
> references in the Privacy regs, my state statutes, my own organizational
> p/p's, it appears that everyone agrees that there are no references in the
> security regs to documentation retention.  Opinions are varied from....
> likely to follow the Privacy regs....to....create your own....to follow your
> state, etc........ thanks again
>
> -----Original Message-----
> From: Street, Bunny [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 10:22 AM
> To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]'
> Subject: RE: retention of documentation
>
>
> Although the security regs are in proposed status, is anyone aware of
> references to retention requirements for documentation; such as how long
> should audit information be retained?  Thanks
>
> Leslie Street
> Privacy Specialist
> Mountain States Health Alliance
> Johnson City, TN 36704
> 423-431-1661
> [EMAIL PROTECTED]
>
>
>
>
> **********************************************************************
> To be removed from this list, send a message to: [EMAIL PROTECTED]
> Please note that it may take up to 72 hours to process your request.

