Advertisement

Logs = Accountability

Anton Chuvakin
Security Strategy
Sep. 26, 2008
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability
Logs = Accountability

Check these out next

Zero trust deck 2020
Zero trust deck 2020
Guido Marchetti
Real Time Data Strategy and Architecture
Real Time Data Strategy and Architecture
Alan McSweeney
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Splunk
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
Doreen Loeber
Splunk ITSI Sandbox Guidebook
Splunk ITSI Sandbox Guidebook
Splunk
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture
Introduction to Val IT
Introduction to Val IT
Varuna Harshana
IEEE 12207
IEEE 12207
Joe Christensen
1 of 20

Logs = Accountability

Sep. 26, 2008
Technology

Logs as a Vehicle for Accountability, in IT and Beyond

Anton Chuvakin
Security Strategy
Advertisement
Advertisement
Advertisement

Recommended

Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius1.2K views32 slides
Scalar IST のご紹介 Scalar IST のご紹介
Scalar IST のご紹介 Scalar, Inc.707 views15 slides
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra1K views32 slides
8 questions to ask when evaluating a Cloud Access Security Broker8 questions to ask when evaluating a Cloud Access Security Broker
8 questions to ask when evaluating a Cloud Access Security BrokerBitglass805 views18 slides
ISO 22301, The first ever ISO for BCM - Presented at BCI Qatar ForumISO 22301, The first ever ISO for BCM - Presented at BCI Qatar Forum
ISO 22301, The first ever ISO for BCM - Presented at BCI Qatar ForumMuhammad Ghazali MBCI, ISO22301 LA, CRISC, BCM Trainer1.2K views19 slides
Datto RMM DatasheetDatto RMM Datasheet
Datto RMM DatasheetThomas Dodds548 views2 slides

More Related Content

Slideshows for you(20)

Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
Guido Marchetti261 views
Real Time Data Strategy and ArchitectureReal Time Data Strategy and Architecture
Real Time Data Strategy and Architecture
Alan McSweeney6.2K views
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Splunk916 views
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
Doreen Loeber805 views
Splunk ITSI Sandbox GuidebookSplunk ITSI Sandbox Guidebook
Splunk ITSI Sandbox Guidebook
Splunk1.3K views
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture9.7K views
Introduction to Val ITIntroduction to Val IT
Introduction to Val IT
Varuna Harshana5.3K views
IEEE 12207IEEE 12207
IEEE 12207
Joe Christensen7.8K views
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB 3.5K views
Building Service Intelligence with Splunk IT Service Intelligence (ITSI) Building Service Intelligence with Splunk IT Service Intelligence (ITSI)
Building Service Intelligence with Splunk IT Service Intelligence (ITSI)
Splunk3.3K views
Fundamentos de Segurança da InformaçãoFundamentos de Segurança da Informação
Fundamentos de Segurança da Informação
Escola de Governança da Internet no Brasil1K views
What Every Organization Should Log And MonitorWhat Every Organization Should Log And Monitor
What Every Organization Should Log And Monitor
Anton Chuvakin2.2K views
Cisco connect winnipeg 2018 a look at network assurance in dna centerCisco connect winnipeg 2018 a look at network assurance in dna center
Cisco connect winnipeg 2018 a look at network assurance in dna center
Cisco Canada1.9K views
Gestion des réservations du consommable et des pannesGestion des réservations du consommable et des pannes
Gestion des réservations du consommable et des pannes
Pasteur_Tunis482 views
Middleware Audits And Remediation For Pci ComplianceMiddleware Audits And Remediation For Pci Compliance
Middleware Audits And Remediation For Pci Compliance
mjschreck2.5K views
BIA - Example of Business Impact Analysis and DependenciesBIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and Dependencies
Ramiro Cid4.7K views
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
CSNP276 views
Recovery Time Objective and Recovery Point ObjectiveRecovery Time Objective and Recovery Point Objective
Recovery Time Objective and Recovery Point Objective
Yankee Maharjan735 views
Orion Network Performance Monitor (NPM) Optimization and Tuning TrainingOrion Network Performance Monitor (NPM) Optimization and Tuning Training
Orion Network Performance Monitor (NPM) Optimization and Tuning Training
SolarWinds5.1K views
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
Kyle Watson2.9K views

Similar to Logs = Accountability(20)

Logs vs InsidersLogs vs Insiders
Logs vs Insiders
Anton Chuvakin1.3K views
Log Management For e-Discovery, Database Monitoring and Other Unusual UsesLog Management For e-Discovery, Database Monitoring and Other Unusual Uses
Log Management For e-Discovery, Database Monitoring and Other Unusual Uses
Anton Chuvakin1.3K views
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
Anton Chuvakin2.1K views
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
Anton Chuvakin933 views
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
Anton Chuvakin4.5K views
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Anton Chuvakin3.7K views
Log Analysis Across System Boundaries for Security, Compliance, and OperationsLog Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and Operations
Anton Chuvakin408 views
Log Analysis Across System Boundaries for Security, Compliance, and OperationsLog Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and Operations
Anton Chuvakin619 views
Log management and compliance: What's the real story? by Dr. Anton ChuvakinLog management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Anton Chuvakin1.5K views
Logs & The Law: What is Admissible in Court?Logs & The Law: What is Admissible in Court?
Logs & The Law: What is Admissible in Court?
loglogic2.4K views
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMA
Anton Chuvakin1.1K views
Database auditing essentialsDatabase auditing essentials
Database auditing essentials
Craig Mullins2.1K views
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real World
Anton Chuvakin8.9K views
CSI NetSec 2007 Six MIstakes of Log Management by Anton ChuvakinCSI NetSec 2007 Six MIstakes of Log Management by Anton Chuvakin
CSI NetSec 2007 Six MIstakes of Log Management by Anton Chuvakin
Anton Chuvakin2.1K views
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
Ros Dina3K views
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Anton Chuvakin2.9K views
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
guestc0c304268 views
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseFIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident Response
Anton Chuvakin1.6K views
The Insider ThreatThe Insider Threat
The Insider Threat
illustro816 views
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Anton Chuvakin3.4K views
Advertisement

More from Anton Chuvakin(20)

SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton Chuvakin
Anton Chuvakin224 views
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Anton Chuvakin110 views
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022
Anton Chuvakin263 views
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Anton Chuvakin362 views
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
Anton Chuvakin278 views
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC
Anton Chuvakin411 views
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020
Anton Chuvakin741 views
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton Chuvakin337 views
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
Anton Chuvakin1K views
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
Anton Chuvakin355 views
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
Anton Chuvakin605 views
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
Anton Chuvakin486 views
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin10K views
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin14K views
SIEM Primer:SIEM Primer:
SIEM Primer:
Anton Chuvakin4.7K views
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton Chuvakin
Anton Chuvakin1.7K views
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinMaking Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Anton Chuvakin2.5K views
PCI 2.0 What's Next for PCI DSS by Dr. Anton ChuvakinPCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin
PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin
Anton Chuvakin1.2K views
Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...
Navigating the Data Stream without Boiling the Ocean:: Case Studies in Effec...
Anton Chuvakin992 views
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Anton Chuvakin1.1K views

Recently uploaded(20)

Agile Mindset, Ahmed Sidky PhD.pdfAgile Mindset, Ahmed Sidky PhD.pdf
Agile Mindset, Ahmed Sidky PhD.pdf
FarizGhozali0 views
Perform Mensuration and Calculation PPT.pptxPerform Mensuration and Calculation PPT.pptx
Perform Mensuration and Calculation PPT.pptx
PauloAngeles40 views
Varanasi_Meetup_Universal API Managment.pdfVaranasi_Meetup_Universal API Managment.pdf
Varanasi_Meetup_Universal API Managment.pdf
Santosh Ojha0 views
Theben DALI-2 Room SolutionTheben DALI-2 Room Solution
Theben DALI-2 Room Solution
Ivory Egg0 views
Howard Wilner Explains the Impact of 5G on Automotive ManufacturersHoward Wilner Explains the Impact of 5G on Automotive Manufacturers
Howard Wilner Explains the Impact of 5G on Automotive Manufacturers
jimcarns0 views
Hybrid Mobile App Development Frameworks.pdfHybrid Mobile App Development Frameworks.pdf
Hybrid Mobile App Development Frameworks.pdf
TarunTiwari940 views
MS EXCEL LESSON.pptxMS EXCEL LESSON.pptx
MS EXCEL LESSON.pptx
JoeyGarancho10 views
Ethereum's Transaction Momentum: Closing the Gap with VisaEthereum's Transaction Momentum: Closing the Gap with Visa
Ethereum's Transaction Momentum: Closing the Gap with Visa
Mobiloitte Technologies0 views
AzureOpenAI.pptxAzureOpenAI.pptx
AzureOpenAI.pptx
Udaiappa Ramachandran0 views
Chapter_11-Heragu.pptxChapter_11-Heragu.pptx
Chapter_11-Heragu.pptx
Madan Karki0 views
英国格鲁斯特大学毕业证文凭成绩单制作指南英国格鲁斯特大学毕业证文凭成绩单制作指南
英国格鲁斯特大学毕业证文凭成绩单制作指南
nahej992970 views
Into The Box 2023 Keynote day 2Into The Box 2023 Keynote day 2
Into The Box 2023 Keynote day 2
Ortus Solutions, Corp0 views
SAUTER certified buildings.pptxSAUTER certified buildings.pptx
SAUTER certified buildings.pptx
GraziellaCathleen0 views
SRE-Week-09-Refining-the-system-definition-05052023-114706pm.pptxSRE-Week-09-Refining-the-system-definition-05052023-114706pm.pptx
SRE-Week-09-Refining-the-system-definition-05052023-114706pm.pptx
Hassankhalid8949400 views
SampleDecPkg.pptSampleDecPkg.ppt
SampleDecPkg.ppt
Courtney Doutherd0 views
Internship_Report_Projects_have_done_Dur.pdfInternship_Report_Projects_have_done_Dur.pdf
Internship_Report_Projects_have_done_Dur.pdf
HikMan20 views
Multi Standard Mixed Mode.pdfMulti Standard Mixed Mode.pdf
Multi Standard Mixed Mode.pdf
MbBot0 views
Managing a WordPress Multisite NetworkManaging a WordPress Multisite Network
Managing a WordPress Multisite Network
Jonathan Bossenger0 views
Studying the materials used in weapons during Chhatrapati Shivaji Maharaj eraStudying the materials used in weapons during Chhatrapati Shivaji Maharaj era
Studying the materials used in weapons during Chhatrapati Shivaji Maharaj era
Sagarwalanj0 views
BIS Research conducted a webinar on Carbon Neutral Data Center PracticesBIS Research conducted a webinar on Carbon Neutral Data Center Practices
BIS Research conducted a webinar on Carbon Neutral Data Center Practices
BIS Research Inc.0 views
Advertisement

Logs = Accountability

  1. Logs = Accountability Dr Anton Chuvakin Chief Logging Evangelist LogLogic, Inc
  4. What is a Log? User and System Activity User Terminated Customer Transaction Email BCC Failed Logon Database Access File Up/Download Credit Card Data Access Information Leak Privileges Assigned/ Changed 30%

Editor's Notes

  1. TODO: Evolution of logging (Grab from new corp preso = on eHD) Get full Jay Leek preso (maybe) Grab from Tao: too many controls -> less control Grab ‘future log challenges’ blog post Add log taxonomy – guide to using logs for accountability DRAFT – 35-40 minutes This presentation will focus on logs as a vehicle for accountability in organization’s IT and even beyond. There are many other mechanisms of accountability in an organization, but logs are the one that pervades all IT. And if you IT is not accountable, your business is neither. Thus, if you tend to not be serious about logs, be aware that you are not serious about accountability. Is that the message your organization wants to be sending? Ignoring logs is not just dangerous (due to losing that important resources for troubleshooting and security), it is not only illegal (due to various regulations), but it is also unethical! The presentation will cover how logs can be used organization-wide to establish accountability of users, power-users, other IT as well as partners and others accessing systems and using your information. How to you make sure your users are accountable for their actions? How can you track their activities, if needed? How can auditors review the audit trails of various activities? Broad organization-wide log collection and analysis is the way to solve these and other problems related to accountability. NOTES: Strategic – CSO, etc LE, auditors, board, technical (users), case of breach, e-discovery, forensics, etc Accountability: from users/employees to the board FISMA? Tools? Frameworks? Action items? RAW: I was thinking about logs the other day :-) <p>And the following thought occurred to me: <b>Logs = accountability</b>. <p>So, what is accountability, really? <a href="http://en.wikipedia.org/wiki/Accountability">Wikipedia defines it</a> as "<b>Accountability</b> is a concept in <a href="http://en.wikipedia.org/wiki/Ethics">ethics</a> with several meanings. It is often used synonymously with such concepts as <a href="http://en.wikipedia.org/w/index.php?title=Answerability&action=edit">answerability</a>, enforcement, <a href="http://en.wikipedia.org/wiki/Social_responsibility">responsibility</a>, blameworthiness, <a href="http://en.wikipedia.org/wiki/Liability">liability</a> and other terms associated with the expectation of account-giving." <p>Yes, there are many other mechanisms of accountability in an organization, but logs are the one that pervades all IT. And if you IT is not accountable, your business is neither. Thus, if you tend to not be serious about logs, be aware that you are not serious about accountability. Is that the message your organization wants to be sending? <p>Ignoring logs is not just stupid (due to losing that important resources for troubleshooting and security), it is not only illegal (due to various regulations), but it is also unethical! :-)
Advertisement