Proactive Log Management in Insurance by Van Symons
 


Proactive Log Management in Insurance: Why it is important and what inhibits it
By: Van Symons, President, Clear Technologies

Executive Summary

Until recently, insurers did not see the Internet as a key component in their marketing strategy and were focused on cost management and reduction. However, a steadily growing number of insurers have a significant online presence and are more consumer-oriented. As such, insurance carriers and agencies alike are embracing information technology advances that accelerate the speed at which new business can be acquired and existing business can be renewed or processed. This shift is causing a drive to get more security controls in place as many insurers are far less confident that traditional security controls will protect their organizations from data breaches.

Why breaches occur? In speaking with customers and reviewing existing research, a majority of breaches in insurance occur for three reasons:
1. Carelessness
2. Outsourced data
3. Hacking is a lucrative business
4. Employee retribution

Why should the insurance industry care? The insurance industry should be particularly interested in mitigating data breaches because:
1. It costs a lot to fix
2. Brand Blemish
3. Intellectual Property
4. Regulations/Laws
5. Mandates
6. Standards/Controls

Attenuate breach impacts. Because it typically takes attackers days to get into a company’s network and steal data, a recent Verizon RISK and U.S. Secret Service Data Breach Investigations Report recommended that IT should constantly monitor server activity and red-flag any suspicious activity. The best method to vigilantly monitor devices and applications is to monitor their logs. As a result, since the insurance industry heavily relies on technology to serve customers, monitoring “log data” or log management for devices, servers, and applications is too important a task to be overlooked.

The causes of log management lapses. Despite log management being a great first line of defense against a data breach, analyzing logs is seldom adequately performed. In order to ensure adherence to laws and mollify ramifications, insurance IT executives must first understand the human factors that inhibit this important task:
1. Most people dislike tedious work.
2. No time to ensure uptime; no time to prevent downtime.
3. “NAH”: Not Affected Here.

The Real Solution. Log data management is too important a task to be overlooked. A great way to help counteract these three behavioral issues is to provide your IT staff with the right solution to their problem in order to resolve your problem.

Since 1993, Clear’s customers have relied on them to meet their hardware needs. Today, their customers look to them to increase their organizational effectiveness by providing continuity, infrastructure, security, and virtualization solutions. Based in Coppell, Texas, Van can be reached at www.cleartechnologies.net/DynamicLogAnalysis or (972) 906-7500, vsymons@cleartechnologies.net.
The insurance industry relies on technology to better serve its customers. With annual industry expenditures for technology topping an estimated $25 billion, this dependence has continued to grow since the Internet and e-commerce exploded in the 1990s as more insurers turned to technology to obtain, maintain, and retain clients.

Exposure to computer systems’ vulnerabilities has also grown at an alarming rate as attackers strive to identify and make the most of vulnerabilities. Consequently, computers are attacked and compromised on a daily basis. A recent Verizon RISK and U.S. Secret Service Data Breach Investigations Report stated that servers and applications comprise 50% of all breached assets. These attacks steal personal identities, bring down an entire network, disable the online presence of businesses, or eliminate sensitive information that is critical for personal or business purposes. One security survey noted how in 1997, 37% of respondents reported a breach. A 2009 report by the Ponemon Institute, a privacy management research firm, reported a figure of 85%. Insurance companies are especially susceptible.

Over the past several years, non-insurers such as Virginia’s DHS system, TJX, Heartland Payment Systems, Google, and T-Mobile, have been adversely affected by breaches and poor information safeguards. Increasingly, however, insurance companies are suffering from the same trend. Earlier this year, the attorney general of Connecticut filed a lawsuit against The Health Net of Connecticut and its owners, UnitedHealth Group and Oxford Health Plans. According to the lawsuit, Health Net failed to adequately protect the medical records of 446,000 customers. In November 2009, someone obtained unauthorized computer access to some of Farmers Insurance customers’ information in Nashville. Although Farmers immediately contacted the Secret Service, the breach exposed sensitive information, such as insurance policies, names, addresses and Social Security numbers. Although the motive has not been made public, several sources believe that the breach was financially motivated as the information could have been sold for profit. In another case, , of Minneapolis-based insurer, Thrivent Financial for Lutherans, experienced a break-in at one of its offices in Pennsylvania. A laptop computer was among the items stolen. The laptop had safeguards to protect sensitive information, including strong password protection and encryption. However, Thrivent said the information stored on the laptop may be at risk as it contained personal information, including names, addresses, Social Security numbers and health information.

Why Breaches Occur?
According to Forrester senior analyst, Ellen Carney, “Security threats around insurance involve identity theft, fraud, data theft, and those kinds of things.” In speaking with customers and reviewing existing research, a majority of breaches occur in insurance for three reasons: carelessness, outsourced data, hacking is a lucrative business, and employee retribution.

Carelessness. Insurance companies are vulnerable to data breaches because of the largely decentralized customer acquisition structure across numerous distribution channels and the multitude of stakeholders. This mixture of decentralization and large employee base serves as a recipe for careless soup.

An online security breach at WellPoint and its subsidiaries in 10 states put at risk the personal, financial and medical information of 470,000 WellPoint customers nationwide. The security breach occurred primarily because of a flaw in the online application process that allowed some to access other people’s applications and records. Although unintended, this flaw, caused by a computer company that was hired to update security on the online application process, could have potentially exposed the personal, financial and medical information of almost half a million people. Those who hacked into the system could have seen applications, which include a person’s name, Social Security number, credit card information, health information and medical history. Besides Connecticut, the breach affected Anthem and WellPoint customers in California, Colorado, Indiana, Kentucky, Missouri, Nevada, New Hampshire, Ohio and Wisconsin. In another instance, Boston insurance giant, John Hancock Financial Services, reported that a CD with customers’ personal information was lost that included credit card numbers, medical records, or other personal information. Both examples lead to one conclusion: carelessness increases information security exposure and operational risk.

Outsourced Data. Increasingly, cost conscious companies in the insurance industry are outsourcing work to achieve economies of scale. Kimberly Harris-Ferrante, a vice president and distinguished analyst at Gartner Research stated that, “Some <insurance> companies were forced to look at outsourcing as they tried to find cheaper ways to maintain systems or fill gaps when they let people go.” The unintended consequence, as stated by the 2010 Ponemon study, is that 42% of all breach cases involved third party mistakes. Data breaches involving outsourced data to third parties, especially when the third party is offshore, are most costly. The per capita cost for data breaches involving third parties is $217 versus $194, more than a $21 difference, according to Ponemon. The per capita cost of a data breach involving a negligent insider or a systems glitch averages $154 and $166, respectively.
Hacking is a lucrative business. Hackers utilize multiple methods to obtain sensitive information, including stealing computers, combing through sensitive lost documents, brute force attacks, and viruses. According to the Internet Security Threat Report published by Symantec in April 2009, attackers released Trojan horses, viruses, and worms at a record pace in 2008, primarily targeting computer users’ confidential information, in particular their online insurance account credentials. Symantec documented a record of 1.6 million instances of malicious code on the Web in 2008, about one million more than 2007. Twenty four percent of all cases in Ponemon’s 2010 study involved a malicious or criminal attack that resulted in the loss or theft of personal information.

Employee retribution. Deloitte’s study, “The 2010 Financial Services Global Security Study: The Faceless Threat,” asked more than 350 major financial institutions, 50 of which are the largest insurers, worldwide about their data security plans and operations. Only 42% of the survey participants said they are “somewhat confident” in being able to thwart internal attacks, while 34 percent said they are “very confident.” However, 56% said they are “very confident” they are able to thwart external attacks. The Identity Theft Resource Center, a San Diego based nonprofit, found that of the roughly 250 data breaches publicly reported in the United States between January 1 and June 12, 2008, victims blamed the largest share of incidents on theft by employees (18.4%). This year, according to the 2010 Data Breach Investigations Report by Verizon RISK and the U.S. Secret Service, 48% of data breaches across all industries were caused by insiders.

Why Should I care?

A recent InformationWeek Analytics survey revealed that 75% of its executive level respondents (among all industries) stated that information security is among its highest priorities. In recent years, insurance companies have paid increasing attention to IT security. This is understandable given the sheer amount of information now in digital form.

Until recently, insurers did not see the Internet as a key component in their marketing strategy and were focused on cost management and reduction. However, a steadily growing number of insurers have a significant online presence and are more consumer-oriented. As such, insurance carriers and agencies alike are embracing information technology advances that accelerate the speed at which new business can be acquired and existing business can be renewed or processed. This shift is causing a drive to get more security controls in place.
Deloitte reported that chief information security officers say they are “far less confident that traditional controls will protect their organizations,” which is primarily being driven by a growing security concern: malicious software originating outside of the organization. There is growing concern with protecting access to information as insurance companies are making investments in areas of security beyond entering a user name and password. As a result, Deloitte’s study stated that insurers scored highest with making identity and access management a top security initiative for 2010 at 51%. One barrier to advancing this solution is the expense.

But, should an insurer care? According to the Deloitte report, a breach of sensitive data can do tremendous harm to a company from a liability and reputational standpoint, as well as regulatory concerns at the federal and state levels that can impose significant fines for every record compromised.

It costs a lot to fix. Executives are focused on information security because of the accompanying liability costs of the ever-increasing volume of corporate and personal information theft. In certain cases, these events result in costly lawsuits with much of the fees being paid to litigation service firms to sift through inaccessible, unorganized volumes of data. One cost associated with a breach is the expense of setting up credit monitoring services for customers affected by the breach. According to the latest Ponemon Institute study, the cost per compromised customer record is $204 and the average total cost of a data breach is $6.75 million, which is up by 44% since 2006.

The Internet Crime Complaint Center, a partnership of the FBI, the National White Collar Crime Center, and Bureau of Justice Assistance, reported that the number of complaints from victims of cyber crime rose by almost a third since 2007. The total number reached 275,284, amounting to $265 million in money lost. Research shows data breaches involving malicious or criminal acts are much more expensive than incidents resulting from negligence or systems glitch ($154 and $166 per record, respectively). The per capita cost of a data breach involving a malicious or criminal act averages $215. In instances where a bank issued cards affected by a breach, these costs can mount quickly, and the bank ends up bearing all of the costs itself.

Brand blemish. Next, executives are focused on information security in order to preserve brand value. For years, Business Week/InterBrand has published their yearly findings on the top 100 Brands. Because stability is one of the factors for determining a brand’s value, one can assume that a customer will be doubtful of the stability of a brand that cannot protect their information. In addition, one cannot fully trust an insurance company that is not stable.
During the past several years, insurers have been, in some cases justifiably, linked to accusations of deceptive insurance practices relating to hurricane loss claims, credit default swaps, escalating foreclosure rates, federal bailouts, suffering housing markets, business and bank failures, eroding consumer wealth and retirement benefits, while experiencing "record profits." AIG, for example, is now saddled with the persona of an evil, heartless, and greedy “insurance” company.

Matthew Harrington, president and CEO for Edelman U.S., a public relations firm, stated, "Just three years ago, financial performance ranked as the top criterion for all U.S. companies, it now scores at the bottom, replaced by transparency and trust." As of March 2010, being able to trust a stranger on the street is 3.32, while that of an insurance company is lower at 2.50, said Paola Sapienza, a professor of finance at Northwestern University’s Kellogg School of Management and co-conductor of the Chicago Booth/Kellogg School Financial Trust Index.

Intellectual property. When speaking about the economy and the insurance industry, Harris-Ferrante of Gartner stated, “Other fallout of the recession—layoffs and not replacing retirees—had an impact on intellectual property…” Because superior intellectual property leads to service differentiation, executives view it as a key asset that, in the midst of hard economic times, ensures revenue, market share, and long-term profitable growth. An intellectual property breach can include unauthorized access, copying, disclosure or use of client information, trade secrets, copyrighted materials, ongoing research, strategy, M&A plans, and other such information.

Regulations/Laws. Most top insurance companies in the world view compliance as the primary driver of IT budgets. Paul Roma, principal and national technology lead within Deloitte’s health plans practice, states that, “Every provision has technology implications; the technology impacts are absolutely massive, and they are end-to-end."

Although many of the newer laws have focused on consumer protection, a number of others have addressed issues of regulation and supervision related to concerns about safety and soundness. As such, insurers in the United States are obligated to monitor systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems by the following laws:

1. Section 216 of the Fair and Accurate Credit Transactions Act (2003) (FACT Act) - must provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. Within insurance, this requirement can only be sufficiently met through monitoring.
2. The Health Insurance Portability and Accountability Act (1996) – is enforced by the US Code of Federal Regulations - Title 45: Public Welfare that defines safeguards to which insurers need to adhere. Such safeguards include administrative, physical, and technical safeguards that reasonably and appropriately protect the Confidentiality, Integrity, and Availability of personally identifiable information:
   a. Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.
   b. Physical safeguards are physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.
   c. Technical safeguards mean the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.
   Within the insurance industry, this requirement can only be sufficiently met through monitoring, reporting and alerting on attempted or successful access to systems and applications that contain sensitive patient information.

3. USA Patriot Act (2001). Although this Act does not directly ask an organization to monitor, it increases the ability of law enforcement agencies to search telephone, email communications, medical, financial, and other records. As a result, log management is necessary for compliance.

4. Sarbanes-Oxley Act (2002). The formal name of this act is the Public Company Accounting Reform and Investor Protection Act of 2002. This act requires the boards, accounting firms, and management of publicly traded firms to adhere to a higher set of financial recording and reporting standards. The reporting requirements can only be sufficiently met through monitoring.

5. California Senate Bill 1386. California Senate Bill 1386 was introduced in July 2003. The bill was the first attempt by a state legislature to address the problem of identity theft by introducing stiff disclosure requirements for businesses and government agencies that experience security breaches that might contain the personal information of California residents. Implied in the bill is that in order to be able to assess compliance, an organization should monitor their devices and applications regularly to adhere to the following, "Notice must be given to any resident of California whose PI is or is reasonably believed to have been acquired by an unauthorized person." Notice must be given in "most expedient time possible" and "without unreasonable delay" subject to certain provisions that define what reasonable is for your organization.
6. Patient Protection and Affordable Care Act (2010) requires insurers to undertake "administrative simplification," which changes the rules for how insurers interact with providers for transactions including verifying eligibility, submitting claims, checking claim status and receiving remittances. Administrative simplification will inevitably defer to HIPAA’s administrative guideline to monitor activity for security risks.

Mandates. Mandates by the European Union Data Protection Directive, Solvency II, and Payment Card Industry Data Security Standard (PCI-DSS) all seek to manage risk.

European Union’s Data Protection Directive. This directive is largely based on the notion of protecting any information relating to an identified or identifiable natural person. In order to fully satisfy this directive, an insurer with a presence in Europe should frequently monitor access to information relating to an identified or identifiable natural person.

Solvency II. The Solvency II project was initiated by the European Commission (EC) in 2000 to implement a fundamental change to the capital requirements for European insurers. To bolster insurer solvency, Solvency II strives to reduce operational risks. The Solvency II directive has adopted the Basel II definition of operational risk: any risk resulting from people, processes, systems or external events, which include data breaches. European insurers now have a clear deadline to prepare for Solvency II with the implementation date set for 2012.

PCI-DSS. The Payment Card Industry Data Security Standard (PCI DSS) requires that adequate activity logs are produced, that there is restricted access to logs, and that logs are reviewed daily, all of which are encompassed in the following guidelines:
• 10.5 – Secure audit trails so they cannot be altered. Access to audit trails must be limited to READ access. If audit trails can be altered outside of the application, monitoring controls should be implemented via file-integrity monitoring tools as required in DSS 10.5.5. Alteration of audit trails should be investigated for propriety.
• 10.6 – Review logs for all system components at least daily. Log reviews must include those servers that perform security functions such as IDS and VPN.

Standards/Controls. Standards like the Control Objectives for IT, the ISO 27001 standard for Security Management, Model Audit Rule, and the NIST Standards all seek to manage risk.

COBIT. The Control Objectives for Information and related Technology (COBIT) is based on a “plan-build-run-monitor” framework and is a comprehensive set of IT management best practices managed by the IT Governance Institute (ITGI). The best practices are divided into four domains (Plan, Build, Run and Monitor) and 34 high-level processes. It relies on understanding the inter-relationship between technologies across the enterprise, real-time understanding of risks, impacts, and operational variables. Its goal is to instill vigilance through monitoring.

ISO27001/2. ISO27001/2 is based on a “plan-do-check-act” framework and is derived from the ISO 17799. ISO27001 and 2 (together known as ISO27001/2) were renumbered in 2007 to conform to the ISO 27000 family numbering scheme. ISO27001/2 are a widely accepted international standard for information security that was established by the International Standards Organization and offers a broad set of best practices for information security controls across organizations of any type and assists all organizations - commercial, governmental or nonprofit - in the process of managing information security. ISO 27001/2 is a standard that offers oversight over individual security controls. These controls call for the monitoring and analysis of data generated by all systems including IT infrastructure, network appliances and security solutions throughout the enterprise. The framework is comprised of twelve security clauses that include 39 security categories with hundreds of control objectives overall. Its goal is to mitigate risk through active vigilance.

National Association of Insurance Commissioners (NAIC) Annual Financial Reporting Model Regulation (Model Audit Rule). The National Association of Insurance Commissioners (NAIC) is an organization of insurance regulators from the 50 states, the District of Columbia and the five U.S. territories. The NAIC provides a forum for the development of uniform insurance policy when uniformity is appropriate. The Model Audit Rule (MAR), enacted in 2006 and in effect as of January of this year, was motivated in part by several catastrophic failures within the financial services industry and maintains that managers take greater responsibility for managing risks on an enterprise wide scale. Largely based on the provisions of Sarbanes Oxley (SOX), it extends SOX-like rules to non-public companies for the first time. MAR is similar to Solvency II as both seek to minimize operational risk.

NIST Standards. The National Institute of Standards and Technology is a US federal technology agency that develops and promotes measurement, standards, and technology and relies on a functional area framework of management, operational, and technical safeguards. Most banks have adopted this control framework. The specific log management control outlined with NIST standards rests within the AU-6 Audit Monitoring, Analysis, and Reporting control. In a nutshell, the control states an organization should report indications of inappropriate or unusual activity to an organization official and be aware of change in risk to organizational operations.
Their “control enhancements” category serves to distill the broad goals set forth by AU-6. The NIST recommends:
1. An organization’s information system must first integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.
2. An organization’s auditable data needs to be integrated, centralized, robust, and be able to thoroughly analyze data from multiple devices.
3. An organization should correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.

Statement on Auditing Standards No. 70 (SAS 70). SAS 70 was developed by the American Institute of Certified Public Accountants to provide guidance to organizations that provide third-party services and defines the standards an auditor must employ in order to assess their internal controls. It is an internationally-recognized standard that reviews all levels of technology service providers over a six-month period for business practices, communication, internal procedures and security. The SAS 70 report guidance articulates the requirements for assessing four items: the fair presentation of management’s description of controls, the suitability of the design of management’s controls, whether the controls are in place as of a specified date, and whether the controls operated with sufficient effectiveness to determine that management’s control objectives were achieved. This standard applies to banks (usually publicly traded) that rely on hosted data centers, and third party processors, to provide outsourcing services that affect the operation of the bank.

The Solution?

Attenuate breach impacts. A recent Verizon RISK and U.S. Secret Service Data Breach Investigations Report recommended that IT staff should constantly monitor server activity and red-flag any suspicious activity because it typically takes criminals days to get into a company’s network and steal data. The best method to vigilantly monitor each device and application is to monitor their logs. Therefore, monitoring “log data” or log management for devices, servers, and applications is too important a task to be overlooked because it acts as a great first line of defense against a data breach.

The Problem with the Solution. Why IT puts us at risk. At one of our recent customer visits, an IT executive was sharing his ongoing frustration with log management and analysis. To complicate matters, he stated that the laws, regulations, and mandates on companies of all sizes have made analyzing logs a necessity. He shared that although his company had both the human and technology assets to perform the analysis, his team could not, in a repetitive and timely manner, because of the difficulty in performing the task.

Despite his frustration, we probed further to find out what drives this complexity. We were surprised to learn that three factors influence why log management and analysis is not performed: it is tedious, time consuming, and too abstract to tend to.

No one likes tedious work. Most IT personnel are generalized as being task- versus people-oriented. Even so, they do not like to perform brainless tasks. Log management falls into that category as an IT person would have to pore through reams of data and somehow correlate and weight each security risk, which is a truly tedious task.

No time to ensure uptime; no time to prevent downtime. On any given day, they are performing multiple tasks that stretch their skills to the limit. Already overworked, one IT administrator stated that he is responsible for maintaining a service level of 98% for his 900 users, and maintaining/reviewing log data. But, he is only merited based on his service level performance. Consequently, he seldom manages and reviews his logs and hopes that an incident will not bring down his system.

“NAH”. We’ve all heard the phrase "NIH", not invented here. However, with IT staff, we constantly witness a belief system of “NAH", not affected here. Because of the limited time and multiple demands placed on an IT staff, many are forced to hope and believe for the best. One IT analyst confided to us he hoped to never have a breach since a breach would cost about $25,000 an hour in lost productivity and on-time delivery performance.

The real solution. Log data management is too important a task to be overlooked. In order to ensure adherence to laws and potential costs, IT executives must first understand, address, and resolve the human factors that inhibit this important task. A great way to help counteract these three behavioral issues is to provide your IT staff with the right solution to their problem in order to resolve your problem.