Proactive Log Management in Banking - Why is it important and what inhibits it by Van Symons
Upcoming SlideShare
Loading in...5
×
 

Proactive Log Management in Banking - Why is it important and what inhibits it by Van Symons

on

  • 349 views

 

Statistics

Views

Total Views
349
Views on SlideShare
349
Embed Views
0

Actions

Likes
0
Downloads
9
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Proactive Log Management in Banking - Why is it important and what inhibits it by Van Symons Proactive Log Management in Banking - Why is it important and what inhibits it by Van Symons Document Transcript

    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc. Executive SummaryWith annual industry expenditures for technology topping an estimated $30 billion, the bankingindustry clearly relies on technology to better serve customers. This dependence has continued togrow since the Internet and e-commerce exploded in the 1990s. The unintended consequence of thisreliance on computers is exposure to data breaches.Why breaches occur? In speaking with customers and reviewing existing research, a majority ofbreaches in banking occur for three reasons: 1. Outsourced data 2. Hacking is a lucrative business 3. Employee retributionWhy should the banking industry care? The banking industry should be particularly interested inmitigating data breaches because: 1. It costs a lot to fix 2. Brand Blemish 3. Intellectual Property 4. Regulations/Laws 5. Mandates 6. Standards/ControlsAttenuate breach impacts. Because it typically takes attackers days to get into a company’s networkand steal data, a recent Verizon RISK and U.S. Secret Service Data Breach Investigations Reportrecommended that IT should constantly monitor server activity and red-flag any suspicious activity.The best method to vigilantly monitor devices and applications is to monitor their logs. As a result, sincethe banking industry heavily relies on technology to serve customers, monitoring “log data” or logmanagement for devices, servers, and applications is too important of a task to be overlooked.The causes of log management lapses. Despite log management being a great first-line of defenseagainst a data breach, analyzing logs is seldom adequately performed. In order to ensure adherenceto laws and mollify ramifications, banking IT executives must first understand the human factors thatinhibit this important task: 1. Most people dislike tedious work. 2. No time to ensure uptime; no time to prevent downtime. 3. “NAH”: Not Affected Here.The Real Solution. Log data management is too important of a task to be overlooked. A great way tohelp to counteract these three behavioral issues is to provide your IT staff with the right solution to theirproblem in order to resolve your problem.Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -1-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.With annual industry expenditures for technology topping an estimated $30 billion,the banking industry clearly relies on technology to better serve customers. Thisdependence has continued to grow since the Internet and e-commerce explodedin the 1990s.Exposure to computer systems’ vulnerabilities has also grown at an alarming rate asattackers strive to identify and make the most of vulnerabilities. Consequently,computers are attacked and compromised on a daily basis. A recent Verizon RISKand U.S. Secret Service Data Breach Investigations Report stated that servers andapplications comprise 50% of all breached assets. These attacks steal personalidentities, bring down an entire network, disable the online presence of businesses, oreliminate sensitive information that is critical for personal or business purposes. Onesecurity survey noted how in 1997, 37% of respondents reported a breach. A 2009report by the Ponemon Institute, a privacy management research firm, reported afigure of 85%. Banks are especially susceptible.Over the past several years, Virginia’s DHS system, TJX, Heartland Payment Systems,Google, and T-Mobile have been adversely affected by breaches. The HeartlandPayment Systems breach had a ripple effect that exposed customer credit carddetails at over 675 regional banks. Interestingly, since the breach, six of the bankshave, according to the FDIC, failed (1st Pacific Bank of California, Columbia RiverBank, Prosperan Bank, Rainier Pacific Bank, Sun West Bank, and TierOne Bank).Why Breaches Occur?In speaking with customers and reviewing existing research, a majority of breachesoccur in banking for three reasons: the increase of outsourced data, hacking is alucrative business, and employee retribution.Outsourced Data. Increasingly, cost conscious companies in the banking industry areoutsourcing work to achieve economies of scale. The unintended consequence, asstated by the 2010 Ponemon study is that 42% of all breach cases involved third partymistakes. Data breaches involving outsourced data to third parties, especially whenthe third party is offshore, are most costly. The per capita cost for data breachesinvolving third parties is $217 versus $194, more than a $21 difference, according toPonemon. The per capita cost of a data breach involving a negligent insider or asystems glitch averages $154 and $166, respectively.Hacking is a lucrative business. In November 2008, the Atlanta-based U.S. paymentprocessing division for Royal Bank of Scotland, RBS Worldpay network, was infiltratedby hackers. The hackers obtained unauthorized access and were then able toSince 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -2-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.reengineer personal identification numbers from a data feed, and defeat the creditcard processing systems encryption. In half a day, the hackers stole over $9 million.Hackers utilize multiple methods to obtain sensitive information including, stealingcomputers, combing through sensitive lost documents, brute force attacks, andviruses. According to the Internet Security Threat Report published by Symantec inApril 2009, attackers released Trojan horses, viruses, and worms at a record pace in2008, primarily targeting computer users’ confidential information, in particular theironline banking account credentials. Symantec documented a record of 1.6 millioninstances of malicious code on the Web in 2008, about one million more than 2007.Twenty four percent of all cases in Ponemon’s 2010 study involved a malicious orcriminal attack that resulted in the loss or theft of personal information. Moreover,two types of data most often compromised is credit card information (54% of allbreaches) and bank account information (32% of all breaches) according to theVerizon RISK and U.S. Secret Service Data Breach Investigations Report.Employee retribution. In 2008, the Bank of New York breach made national headlines.In the second quarter of 2010, the New York Country District Attorneys Office statedthat a computer technician formerly employed as a contractor at the headquartersof the Bank of New York was to blame. Over an eight year period, the culprit stolepersonal identifying information of 2,000 bank employees and organized thefts ofmore than $1.1 million from various organizations, including charities and nonprofitorganizations.The Identity Theft Resource Center, a San Diego based nonprofit, found that of theroughly 250 data breaches publicly reported in the United States between January 1and June 12, 2008, victims blamed the largest share of incidents on theft byemployees (18.4 %). This year, the 2010 Data Breach Investigations Report by VerizonRISK and the U.S. Secret Service, 48% of data breaches across all industries werecaused by insiders.Why Should I care?In recent years, banks have paid increasing attention to IT security. This isunderstandable given the sheer amount of information now in digital form. A recentInformationWeek Analytics survey revealed that 75% of its executive levelrespondents (among all industries) stated that information security is among itshighest priorities. Some reasons include it costs a lot to fix, diffuses the strength of abrand, places intellectual property at risk, and has initiated widespread regulation,mandates, and control standards.Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -3-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.It costs a lot to fix. Executives are focused on information security because of theaccompanying liability costs of the ever-increasing volume of corporate andpersonal information theft. In certain cases, these events result in costly lawsuits withmuch of the fees being paid to litigation service firms to sift through inaccessible,unorganized volumes of data. According to the American Banker’s Association someof the biggest costs associated with a breach are those from reissuing credit anddebit cards, covering fraudulent charges from stolen card numbers, and closingaccounts placed at risk. In other cases, companies incur the expense of setting upcredit monitoring services for customers affected by the breach. According to thelatest Ponemon Institute study, the cost per compromised customer record is $204and the average total cost of a data breach is $6.75 million, which is up by 44% since2006.The Internet Crime Complaint Center, a partnership of the FBI, the National WhiteCollar Crime Center, and Bureau of Justice Assistance, reported that the number ofcomplaints from victims of cyber crime rose by almost a third since 2007. The totalnumber reached 275,284, amounting to $265 million in money lost. Research showsdata breaches involving malicious or criminal acts are much more expensive thanincidents resulting from negligence or systems glitch ($154 and $166 per record,respectively). The per capita cost of a data breach involving a malicious or criminalact averages $215. In instances where a bank issued cards affected by a breach,these costs can mount quickly, and the bank ends up bearing all of the costs itself.Brand blemish. Next, executives are focused on information security in order topreserve brand value. For years, Business Week/InterBrand has published their yearlyfindings on the top 100 Brands. Because stability is one of the factors for determininga brand’s value, one can assume that a customer will be doubtful of the stability of abrand that cannot protect their information.John Watkins, the former SVP of online services at Wachovia (now Wells Fargo),echoes this sentiment, "Data breaches and any type of security concern in the onlinespace affect customer confidence…Were concerned that customers will loseconfidence if we cant provide them with a good feeling that they are safe online. Itsabout trust."Building trust is especially needed in the already negative-publicity prone bankingindustry. “For the second year in a row, banks experienced a significant increase incomplaints coinciding with 140 bank failures in 2009,” said the Better Business Bureau(BBB). “Trust in the financial sector is already extremely low and the dramatic increasein BBB complaints against banks reflects the growing discord between consumersand the industry.” As a result, the banking industry has been through what marketingexperts call brand image turmoil in the aftermath of the financial meltdown.Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -4-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.Because the banking industry understands that consumer perceptions of trust areimportant, this year banks have increased their advertising budgets to offset thenegative publicity and to rebuild consumer trust. One example is Citizens Banks latestcampaign, ‘Good Banking is Good Citizenship.’ Warren Zafrin, a partner with KPMGsums it up best, "Over time, security will be a differentiator for banks. Its abouttrust…security really goes beyond preventing data breaches to enhancingrelationships.”Intellectual property. Because superior intellectual property leads to servicedifferentiation, executives view it as a key asset that, in the midst of hard economictimes, ensures revenue, market share, and long-term profitable growth. Anintellectual property breach can include unauthorized access, copying, disclosure oruse of client information, trade secrets, copyrighted materials, ongoing research,strategy, M&A plans, and other such information.Bradford Newman, the leader of the International Employee Mobility and TradeSecrets practice at the law firm Paul Hastings Janofsky & Walker LLP, states, “Mostbanks do have good data security practices. But to recover that data from thethousands of employees across the globe is a new risk… companies first have to askthemselves what their trade secrets are, where the most at-risk secrets lie, and, inconnection with the recent layoffs, how they can reduce the risk of disclosure andmaximize the chance of recovering the data." As such, protecting intellectualproperty is essential for any organization.Regulations/Laws. The current system for regulating and supervising financialinstitutions is complex. According to the FDIC, “This complicated regulatory structurecame about because financial regulation has been responsive to several traditionalthemes in U.S. history. Among them are a distrust of concentrations of financialpower, including a concentration of regulatory power; a preference for marketcompetition; and a belief that certain sectors of the economy should be ensuredaccess to credit, a belief that has led to a multiplicity of niche providers of credit. Thenation’s complex regulatory structure was designed to deal with all of thesesometimes conflicting objectives.”Although many of the newer laws have focused on consumer protection, a numberof others have addressed issues of regulation and supervision related to concernsabout safety and soundness. As such, banks in the United States are obligated toreduce ‘operational risk’, the risk of loss resulting from inadequate or failed internalprocesses, people and systems, or from external events, by monitoring systems andprocedures to detect actual and attempted attacks on or intrusions into customerinformation systems by the following laws:Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -5-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc. 1. Section 216 of the Fair and Accurate Credit Transactions Act (2003) (FACT Act) - must provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. Within banks, this requirement can only be sufficiently met through monitoring. 2. Section 501(b) of the Gramm-Leach-Bliley Act (1999) states that a bank should manage and control risk by “monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems” both internally and with service providers and is the all encompassing successor to the following: a. Section 39 of the Federal Deposit Insurance Act b. Code of Federal Regulations: Title 12: Banks and Banking - Code of Federal Regulations, Part 30, Appendix B c. Code of Federal Regulations: Title 12: Banks and Banking - Code of Federal Regulations, Part 208, Appendix D-2 d. Code of Federal Regulations: Title 12: Banks and Banking - Code of Federal Regulations, Part 225, Subpart J, Appendix F e. Code of Federal Regulations: Title 12: Banks and Banking - Code of Federal Regulations, Part 263, Subpart I, Appendix D-1 f. Code of Federal Regulations: Title 12: Banks and Banking - Code of Federal Regulations, Part 364, Appendix B g. Code of Federal Regulations: Title 12: Banks and Banking - Code of Federal Regulations, Part 570, Appendix h. Code of Federal Regulations Title 12 (Banks and Banking) 3. USA Patriot Act (2001). Although this Act does not directly ask an organization to monitor, it increases the ability of law enforcement agencies to search telephone, email communications, medical, financial, and other records. As a result, log management is necessary for compliance. 4. Sarbanes-Oxley Act (2002). The formal name of this act is the Public Company Accounting Reform and Investor Protection Act of 2002. This act requires the boards, accounting firms, and management of publicly traded firms to adhere to a higher set of financial recording and reporting standards. The reporting requirements can only be sufficiently met through monitoring. 5. California Senate Bill 1386. California Senate Bill 1386 was introduced in July 2003. The bill was the first attempt by a state legislature to address the problem of identity theft by introducing stiff disclosure requirements for businesses and government agencies that experience security breaches that might contain the personal information of California residents. Implied in the bill is that in order to be to assess compliance, an organization should monitor their devices and applications regularly to adhere to the following, "Notice must be given to any resident of California whose PI is or is reasonably believed to have beenSince 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -6-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc. acquired by an unauthorized person." Notice must be given in "most expedient time possible" and "without unreasonable delay" subject to certain provisions that define what reasonable is for your organization.Mandates. Mandates by the Basel Committee on Banking Supervision (Basel II) andPayment Card Industry Data Security Standard (PCI-DSS) all seek to manage risk.Basel II. Basel II improved on Basel I, first enacted in the 1980s, by offering morecomplex models for calculating regulatory capital in order to make risky investments,such as the subprime mortgage market in which higher risks assets are moved tounregulated parts of holding companies. In addition to safeguarding bank solvencywhile protecting the international financial system, Basel II also strives to reduceoperational risks. However, the Basel Committee on Banking Supervision recognizesthat operational risk is a term that has a variety of meanings and therefore, forinternal purposes, banks are permitted to adopt their own definitions of operationalrisk, provided the minimum elements in the Committees definition are included.Through compliance, banks are assured that they hold sufficient capital reserves forthe risk they expose the bank to through its lending and investment practices.PCI-DSS. Payment Card Industry Data Security Standard (PCI DSS), PCI DSS requirethat adequate activity logs are produced, there is restricted access to logs, and thatlogs are reviewed daily, all of which are encompassed in the following guidelines:• 10.5 – Secure audit trail so they cannot be altered Access to audit trails must be limited to READ access. If audit trails can be altered outside of the application, monitoring controls should be implemented via file-integrity monitoring tools as required in DSS 10.5.5. Alteration of audit trails should be investigated for propriety.• 10.6 – Review logs for all system components at least daily. Log reviews must include those servers that perform security functions such as IDS and VPN.The American Bankers Association (ABA). The ABA is the largest banking tradeassociation representing all categories of banking institutions, including community,regional, and money center banks. Although they do not have a mandate, the ABAsupports data security legislation and regulatory policy that creates a uniformstandard for data security across all types of businesses.Standards/Controls. Standards like the Control Objectives for IT (COBIT), the ISO 27001standard for Security Management, and the NIST Standards all seek to manage risk.COBIT. The Control Objectives for Information and related Technology (COBIT) isbased on a “plan-build-run-monitor” framework and is a comprehensive set of ITmanagement best practices managed by the IT Governance Institute (ITGI). TheSince 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -7-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.best practices are divided into four domains (Plan, Build, Run and Monitor) and 34high-level processes. It relies on understanding the inter-relationship betweentechnologies across the enterprise, real-time understanding of risks, impacts, andoperational variables. Its goal is instill vigilance through monitoring.ISO27001/2. ISO27001/2 is based on a “plan-do-check-act” framework and is derivedfrom the ISO 17799, ISO27001 and 2 (together known as ISO27001/2) wererenumbered in 2007 to conform to the ISO 27000 family numbering scheme.ISO27001/2 are a widely accepted international standard for information security thatwas established by the International Standards Organization and offers a broad set ofbest practices for information security controls across organizations of any type andassists all organizations - commercial, governmental or nonprofit - in the process ofmanaging information security. ISO 27001/2 a standard that offers oversight overindividual security controls. These controls call for the monitoring and analysis of datagenerated by all systems including IT infrastructure, network appliances and securitysolutions throughout the enterprise. The framework is comprised of twelve securityclauses that include 39 security categories with hundreds of control objectivesoverall. Its goal is mitigate risk through active vigilance.Mortgage Bankers Association (MBA). The MBA is a national association thatrepresents the real estate finance industry and includes more than 3,000 mortgagecompanies, mortgage brokers, commercial banks, thrifts, life insurance companies,and others in the mortgage lending field. Their Board of Directors Technology SteeringCommittee (BoDTech) released a comprehensive approach to informationassurance, which analyzes three critical areas of information assurance: legislativeand regulatory, audit practices, and security standards and framework. The modelwas created specifically so that mortgage firms could establish a comprehensive setof processes that would cover the requirements of the many compliance programs.The goal of the model is to provide a way for the mortgage industry to assure thatinformation, data, applications, and processes are in place to protect a firm, itsoperations and its customers. The policy and architecture step, takes deeper diveinto a firms operating environment. It addresses audit practices, including monitoringof devices and application.NIST Standards. The National Institute of Standards and Technology is a US federaltechnology agency that develops and promotes measurement, standards, andtechnology and relies on functional area framework of management, operational,and technical safeguards. Most banks have adopted this control framework. Thespecific log management control outlined with NIST standards rests within the AU-6Audit Monitoring, Analysis, and Reporting control. In a nutshell, the control states anorganization should report indications of inappropriate or unusual activity to anorganization official and be aware of change in risk to organizational operations.Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -8-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.Their “control enhancements” category serves to distill the broad goals set forth byAU-6, the NIST recommends:1. An organization’s information system must first integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.2. An organization’s auditable data needs to be integrated, centralized, robust, and be able to thoroughly analyze data from multiple devices.3. An organization should correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.Statement on Auditing Standards No. 70 (SAS 70). SAS 70 was developed by theAmerican Institute of Certified Public Accountants to provide guidance toorganizations that provide third-party services and defines the standards an auditormust employ in order to assess their internal controls. It is an internationally-recognizedstandard that reviews all levels of technology service providers over a six-monthperiod for business practices, communication, internal procedures and security. TheSAS 70 report guidance articulates the requirements for assessing four items: the fairpresentation of managements description of controls, the suitability of the design ofmanagements controls, whether the controls are in place as of a specified date,and whether the controls operated with sufficient effectiveness to determine thatmanagements control objectives were achieved. This standard applies to banks(usually publically traded) that rely on hosted data centers, and third partyprocessors, to provide outsourcing services that affect the operation of the bank.The Solution?Attenuate breach impacts. A recent Verizon RISK and U.S. Secret Service Data BreachInvestigations Report recommended that IT staff should constantly monitor serveractivity and red-flag any suspicious activity because it typically takes criminals daysto get into a company’s network and steal data. The best method to vigilantlymonitor each device and applications is to monitor their logs. Therefore, monitoring“log data” or log management for devices, servers, and applications is too importantof a task to be overlooked because it acts as a great first-line of defense against adata breach.The Problem with the Solution. Why IT puts us at risk. At one of our recent customervisits, an IT executive was sharing his ongoing frustration with log management andanalysis. To complicate matters, he stated that the laws, regulations, and mandateson companies of all sizes have made analyzing logs a necessity. He shared thatalthough his company had both the human and technology assets to perform theSince 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. -9-
    • Proactive Log Management in Banking: Why it is important and what inhibits it By Van Symons, President, Clear Technologies, Inc.analysis; his team could not, in a repetitive and timely manner, because of thedifficulty in performing the task.Despite his frustration, we probed further to find out what drives this complexity. Wewere surprised to learn that three factors influence why log management andanalysis is not performed: it is tedious, time consuming, too abstract to tend to.No one likes tedious work. Most IT personnel are as generalized as being task versuspeople-oriented. Even so, they do not like to perform brainless tasks. Logmanagement falls into that category as an IT person would have to pour throughreams of data and somehow correlate and weight each security risk, which is a trulytedious task.No time to ensure uptime; no time to prevent downtime. On any given day, they areperforming multiple tasks that stretch their skills to the limit. Already overworked, oneIT administrator stated that he is responsible for maintaining a service level of 98% forhis 900 users, and maintaining/reviewing log data. But, he is only merited based on hisservice level performance. Consequently, he seldom manages and reviews his logsand hopes that an incident will not bring down his system.“NAH”. Weve all heard the phrase "NIH", not invented here. However, with IT staff, weconstantly witness a belief system of “NAH", not affected here. Because of thelimited time and multiple demands placed on an IT staff, many are forced to hopeand believe for the best. One IT analyst confided to us he hoped to never have abreach since a breach would cost about $25,000 an hour in lost productivity and on-time delivery performance.The real solution. Log data management is too important of a task to be overlooked.In order to ensure adherence to laws and potential costs, IT executives must firstunderstand, address, and resolve the human factors that inhibit this important task. Agreat way to help to counteract these three behavioral issues is to provide your ITstaff with the right solution to their problem in order to resolve your problem.Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizationaleffectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached atwww.cleartechnologies.net/DynamicLogAnalysis or (972) 906 -7500 or vsymons@cleartechnologies.net. - 10 -