1
Log Management
Maturity Models
Almerindo Graziano, PhD
CEO, Silensec
al@silensec.com
2
Copyrighted material. Any
reproduction, in any media
or format is forbidden © 2015
Version 1
7th Kuwait Info
Security Forum
7th May 2015
About Silensec
•  Information Security Management Consultancy Company
(ISO27001 Certified)
-  IT Governance, Security Audits
-  Security System Integration (SIEM, LM, WAFs)
-  Managed Security Services
•  Offices: England, Cyprus, Kenya
•  Independent Security Training Provider
-  ISO27001, Business Continuity, PCI DSS, CISSP, Ethical hacking,
Computer Forensics, Mobile Forensics, Reverse Engineering,
Intrusion Detection, Log Management
•  Incident Response and Computer Forensics Services
•  Research and Development
-  Nwuki Mobile Forensics Suite
3
Introduction
•  Logs and the importance of logging
•  Developing a Log Management System using the
PDCA Model
•  Log Management Maturity Models
•  Common Mistakes
•  Final Recommendations
4
What is a Log?
•  A log is a trace generated by an application, a
system or a device capturing information about a
specific event that has occurred.
•  Electronic
–  E.g. Webserver logs
•  Physical logs
–  E.g. Visitors Log
5
Modern IT Infrastructures
•  IT/Telco Infrastructure
-  Routers, switches, Wireless APs, VoIP etc.
•  Services and Applications
-  Mail, Web, Internet banking, e-commerce etc.
•  Operating Systems
-  Unix/Linux, Windows, Apple etc.
•  Mobile Devices
-  Mobile phones, Laptops, Pads etc.
•  Security appliances and products
-  Network/Web firewalls, HIDS, IDS/IPS, Vulnerability Scanners, Antivirus, DLP etc.
A typical company will produce tens of thousands of logs daily
6
What is Log Management
•  Log Management is a key process aimed at the
management of logs and associated information
security risks
•  Log Management is NOT:
-  A technology solution or something that can be addressed by technology alone
-  Just about security
7
Why Log Management
•  Compliance
-  Complying with legal, regulatory and contractual obligations
•  Security
-  Effectively monitoring both internal and external threats
-  Performing effective investigations of information security
incidents
-  Improving overall security
•  Business
-  Business analytics, measurement of process performance
and achievement of objectives
8
Log Management Systems
Common Features
•  Collection (from different sources)
•  Aggregation
•  Normalization
•  Compression and storage
•  Correlation
•  Alerting
•  Reporting
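The feature list above reads as a pipeline, so here is an added example (my own code, not from the slides or from Silensec) that runs every stage over constructed sample lines: collection from two sources (sshd via syslog and an Apache access log), normalization into one schema, aggregation per source IP, a correlation rule that alerts on repeated failures followed by a successful SSH login from the same address, and a summary report. Host names, addresses and the rule thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input from two sources: sshd via syslog and an Apache access log.
RAW_LOGS = {
    "syslog": [
        "May  7 09:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
        "May  7 09:00:04 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2",
        "May  7 09:00:09 bastion sshd[2101]: Failed password for root from 203.0.113.9 port 51024 ssh2",
        "May  7 09:00:15 bastion sshd[2102]: Accepted password for root from 203.0.113.9 port 51025 ssh2",
        "May  7 09:05:00 bastion sshd[2110]: Accepted publickey for alice from 198.51.100.4 port 40110 ssh2",
    ],
    "apache": [
        '198.51.100.4 - - [07/May/2015:09:01:10 +0300] "GET /login HTTP/1.1" 200 512',
        '203.0.113.9 - - [07/May/2015:09:01:30 +0300] "POST /login HTTP/1.1" 401 97',
    ],
}

@dataclass
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    source: str
    host: str
    src_ip: str
    user: str
    action: str
    outcome: str  # "success" or "failure"

SSHD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
APACHE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) \S+[^"]*" (?P<status>\d{3})')

def normalize(source, line, year=2015):
    """Normalization: map one raw line onto Event; None if the line is not understood.
    Syslog carries no year, so one is supplied; time zones are dropped for simplicity."""
    if source == "syslog":
        m = SSHD_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return Event(ts, source, m["host"], m["ip"], m["user"], "ssh_login",
                     "success" if m["result"] == "Accepted" else "failure")
    if source == "apache":
        m = APACHE_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
        return Event(ts, source, "web01", m["ip"], "-", "http_" + m["method"].lower(),
                     "success" if m["status"].startswith("2") else "failure")
    return None

def collect(raw=RAW_LOGS):
    """Collection: gather every source's lines into one time-ordered event list."""
    events = [ev for src, lines in raw.items()
              for line in lines if (ev := normalize(src, line)) is not None]
    return sorted(events, key=lambda e: e.ts)

def aggregate(events):
    """Aggregation: failures per source IP, across all sources."""
    return Counter(e.src_ip for e in events if e.outcome == "failure")

def correlate(events, threshold=3, window_s=600):
    """Correlation rule: at least `threshold` failures from one IP followed, within
    `window_s` seconds, by a successful SSH login from that same IP. Returns alerts."""
    alerts, recent = [], defaultdict(list)  # recent: src_ip -> failure timestamps
    for e in events:
        if e.outcome == "failure":
            recent[e.src_ip].append(e.ts)
        elif e.action == "ssh_login":
            fails = [t for t in recent[e.src_ip] if (e.ts - t).total_seconds() <= window_s]
            if len(fails) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "src_ip": e.src_ip,
                               "user": e.user, "failures": len(fails), "at": e.ts.isoformat()})
    return alerts

def report(events, alerts):
    """Reporting: the summary a daily log review would start from."""
    return {"events": len(events),
            "by_source": dict(Counter(e.source for e in events)),
            "failures_by_ip": dict(aggregate(events)),
            "alerts": len(alerts)}

if __name__ == "__main__":
    evs = collect()
    found = correlate(evs)
    print(report(evs, found))
    for a in found:
        print("ALERT", a)
```

The web-server failure from the same address is counted in the aggregate but not by the SSH rule, which is the kind of decision a requirements analysis has to make explicitly rather than leaving to a product's default rules.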
9
Gartner Magic Quadrant for Security Information and Event Management 2014
Which solution would you buy for Log Management?
10
What Would you Choose?
11
SIEM vs. Log Management
•  Much confusion around SIEM
–  Log Management is about logs not just security logs
–  SIEM is about security
•  Vendor convergence
–  LM roots vs. SIEM roots
12
Silensec Security Quadrant
•  Competence Axis
-  Measurable Objectives
-  Clearly defined and supported processes
-  Defined roles and responsibilities
-  Staff competence
-  Continuous Improvement
•  Technology Axis
-  Appropriate tools and systems
-  Systems and tools are used to achieve stated objectives
13
Common Approach to Log Management
•  Competence
-  No focus on people, competence and supporting controls
-  Weak or no defined processes for:
   •  Requirements analysis
   •  Log review and analysis
   •  Improvements
-  Log everything and store it for as long as we can
-  Alert on anything and everything
•  Technology
-  Looking for the safe choice rather than the right one!
-  Limited integration
   •  No bespoke systems and applications
-  Not fully utilized
   •  Default correlation rules and reporting
14
Achieving Maturity
•  Physical
•  Mental
•  Spiritual
•  Social
•  Sentimental
•  Professional
Achieving Maturity means achieving a
conscious and accepted balance of
maturity across all levels against one’s
stated objectives
15
Mature Approach to Log Management
How do we achieve
maturity when talking about
log management?
16
Log Management Maturity – Example 1
[*] Anton Chuvakin (Gartner)
17
Log Management Maturity – Example 2
18
Capability Maturity Model Integration (CMMI)
•  Developed and maintained by Carnegie Mellon University
-  Process improvement training and appraisal program and service
•  Required by many DoD and U.S. Government contracts (especially in software development)
19
Developing A Log Management System (LMS)
•  PDCA Model
-  Widely adopted across a number of international standards
-  ISO9001, ISO27001, ISO22301 etc.
•  Four Phases
-  Plan – Scoping, Requirement analysis, Risk Assessment, selection of controls
-  Do – Implementation of controls and key processes
-  Check – Execution of monitoring processes and identification of improvements
-  Act – Implementation of improvements
20
Applying the PDCA Model
Plan
•  Organizational Context
-  Why are we logging and what are we trying to achieve
-  Scope
•  Roles and Responsibilities
•  Requirements Analysis
-  Log and Alert Schedules, Retention Schedule
-  Log Security Requirements
•  Risk Assessment
•  Choice of Log Management solution
Do
•  Competence Building
•  Implementation of supporting controls
•  Development of Log Management processes
•  Deployment and integration of Log Management solution
Check
•  Log review and analysis
•  Log Reporting
Act
•  Implementation of improvements
21
Log Management Foundation
•  For Log Management to work and deliver on its
promises we must be able to trust the logs being
generated and ensure those logs are generated
in the first place
•  Key Supporting Controls
-  Segregation of duties
-  Password Management
-  Patch Management
-  Vulnerability Management
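The two halves of that statement, trusting the logs and knowing they are still being produced, can both be checked mechanically. Below is an added example (my own code, not from the slides or from Silensec): a keyed hash chain over entries at the central collector, so that editing, reordering or deleting a stored record is detected on verification, and a liveness check that flags in-scope hosts that have gone quiet. The key, host names and entries are constructed for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# Hypothetical collector-side key; sources never hold it, so a compromised
# source cannot re-sign history. Constructed value for the example only.
CHAIN_KEY = b"constructed-demo-key"

def _tag(prev, entry, key):
    """HMAC over (previous tag || canonical JSON of the entry)."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def chain_append(chain, entry, key=CHAIN_KEY):
    """Store a copy of entry, bound to the previous record by its tag."""
    prev = chain[-1]["tag"] if chain else "0" * 64
    entry = dict(entry)
    chain.append({"entry": entry, "prev": prev, "tag": _tag(prev, entry, key)})
    return chain

def chain_verify(chain, key=CHAIN_KEY):
    """Recompute every link. Returns (True, None) or (False, index of first bad record).
    Editing, reordering or deleting an interior record breaks the link after it;
    truncation at the very end is only noticed if the latest tag is kept elsewhere."""
    prev = "0" * 64
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or not hmac.compare_digest(rec["tag"], _tag(prev, rec["entry"], key)):
            return False, i
        prev = rec["tag"]
    return True, None

def quiet_sources(entries, expected_hosts, now, max_silence):
    """Liveness check: expected hosts with no entry, or none newer than now - max_silence."""
    last_seen = {}
    for e in entries:
        ts = datetime.fromisoformat(e["ts"])
        if e["host"] not in last_seen or ts > last_seen[e["host"]]:
            last_seen[e["host"]] = ts
    return sorted(h for h in expected_hosts
                  if h not in last_seen or now - last_seen[h] > max_silence)

# Constructed, already-normalized entries as they would arrive at a central collector.
SAMPLE = [
    {"ts": "2015-05-07T09:00:01", "host": "bastion", "msg": "sshd: Failed password for root from 203.0.113.9"},
    {"ts": "2015-05-07T09:00:15", "host": "bastion", "msg": "sshd: Accepted password for root from 203.0.113.9"},
    {"ts": "2015-05-07T09:02:00", "host": "web01", "msg": "apache: POST /login 401"},
    {"ts": "2015-05-07T09:30:00", "host": "bastion", "msg": "sshd: session opened for alice"},
]
EXPECTED_HOSTS = ["bastion", "web01", "fw01"]  # fw01 is in scope but sent nothing

def demo(now=datetime(2015, 5, 7, 9, 40), max_silence=timedelta(minutes=15)):
    chain = []
    for e in SAMPLE:
        chain_append(chain, e)
    intact, _ = chain_verify(chain)
    # Someone with write access to the store removes the successful root login after the fact.
    pruned = [r for r in chain if "Accepted password for root" not in r["entry"]["msg"]]
    ok_after, bad = chain_verify(pruned)
    return {"intact": intact, "deletion_detected": not ok_after, "first_bad_record": bad,
            "quiet_sources": quiet_sources(SAMPLE, EXPECTED_HOSTS, now, max_silence)}

if __name__ == "__main__":
    print(demo())
```

Segregation of duties is what gives the chain its value: the people who can administer the log store must not be the ones holding the key, and the liveness check is only as good as the list of expected hosts kept current by the scoping work in the Plan phase.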
22
CMMI-Based Log Management Maturity Model
Level 0 – Non Existent: Logs are generated based on default settings and are not centrally collected. Staff have little or no competence in log analysis and no log review is carried out.
Level 1 – Initial: The organization has an ad hoc and inconsistent approach to log management, with log collection based on default settings and mainly limited to some important assets. There is no established log management process and no log review or analysis is carried out. Any log management activity depends on the specific competence of individual staff.
Level 2 – Managed: The organization has a consistent overall approach, but it is mostly undocumented, including roles and responsibilities. The log management process has been established from requirement analysis up to monitoring and improvement and it is somewhat repeatable, possibly with consistent results. The organization is also capable of ensuring correct execution of the log management activities during times of stress, such as an incident investigation, although the process may lack effectiveness and efficiency.
Level 3 – Defined: The log management process is more thoroughly documented and in much more detail, defining clear roles and responsibilities and the tools and techniques for log management activities. The organization is able to take full advantage of the log management process in a consistent and much more proactive way, through well documented reviewing activities. However, at this level there is not a strong emphasis on improvements.
Level 4 – Quantitatively Managed: On top of the documented log management process, the organization has a documented approach for monitoring and measuring effectiveness and improvements. The log management process is quantitatively managed in accordance with defined metrics.
Level 5 – Optimizing: This final phase is characterized by a strong emphasis on improvement and proactivity through a range of documented processes. Examples include algorithms for the analysis of large volumes of logs to identify anomalies and patterns of interest that drive the implementation of changes.
23
Common Mistakes
•  Buying what others are buying
•  No requirements analysis
•  No PoC Done
•  Not Valuing Competence Building
•  Only budgeting for installation and integration
•  No process development
•  Not buying value-added support
•  Badly written RFPs
24
Final Recommendations
•  Focus on the processes NOT on the technology
•  Spend time understanding what needs to be logged and what can be left out
•  Focus on building staff competence and less on product-specific training
•  Make sure supporting controls are in place
25
Take your time to reach maturity!
26
Thank You
Questions?

More Related Content

Viewers also liked

13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentary13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentarylaneford
 
Advertisement Company
Advertisement CompanyAdvertisement Company
Advertisement Companyurmish34
 
Corrugated Steel Bridge and Tunnel Solutions
Corrugated Steel Bridge and Tunnel Solutions Corrugated Steel Bridge and Tunnel Solutions
Corrugated Steel Bridge and Tunnel Solutions Agata Woźniak
 
DHCP on windows server 2012
DHCP on windows server 2012DHCP on windows server 2012
DHCP on windows server 2012turkialbakry
 
каталог Aeg 12 13
каталог Aeg 12 13каталог Aeg 12 13
каталог Aeg 12 13azovinstrument
 
Traffic Access and Impact Study Guidelines & Procedures
Traffic Access and Impact Study Guidelines & ProceduresTraffic Access and Impact Study Guidelines & Procedures
Traffic Access and Impact Study Guidelines & Proceduresgscplanning
 
Assisted Living Regulations
Assisted Living RegulationsAssisted Living Regulations
Assisted Living Regulationsgscplanning
 
Comp plan kick off meeting notes 1 26 2016
Comp plan kick off meeting notes 1 26 2016Comp plan kick off meeting notes 1 26 2016
Comp plan kick off meeting notes 1 26 2016gscplanning
 
Představení COPRA spol. s r.o.
Představení COPRA spol. s r.o.Představení COPRA spol. s r.o.
Představení COPRA spol. s r.o.copracz
 
2014 الأرشفة والوثائق ahmed amin
2014 الأرشفة والوثائق ahmed amin2014 الأرشفة والوثائق ahmed amin
2014 الأرشفة والوثائق ahmed aminpromediakw
 
بناء الثقافة الوظيفية - محمد كمال
  بناء الثقافة الوظيفية - محمد كمال   بناء الثقافة الوظيفية - محمد كمال
بناء الثقافة الوظيفية - محمد كمال promediakw
 
X pages day発表_20141118
X pages day発表_20141118X pages day発表_20141118
X pages day発表_20141118Takashi Yamori
 
Lousiest Ways to Tell Someone You Gave Them an STD
Lousiest Ways to Tell Someone You Gave Them an STDLousiest Ways to Tell Someone You Gave Them an STD
Lousiest Ways to Tell Someone You Gave Them an STDSTD Check
 

Viewers also liked (19)

Gremio 2015
Gremio 2015Gremio 2015
Gremio 2015
 
13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentary13 C class notes for Teen Trouble documentary
13 C class notes for Teen Trouble documentary
 
Advertisement Company
Advertisement CompanyAdvertisement Company
Advertisement Company
 
Corrugated Steel Bridge and Tunnel Solutions
Corrugated Steel Bridge and Tunnel Solutions Corrugated Steel Bridge and Tunnel Solutions
Corrugated Steel Bridge and Tunnel Solutions
 
Bayern Monachium
Bayern MonachiumBayern Monachium
Bayern Monachium
 
Kpi for manager
Kpi for managerKpi for manager
Kpi for manager
 
DHCP on windows server 2012
DHCP on windows server 2012DHCP on windows server 2012
DHCP on windows server 2012
 
каталог Aeg 12 13
каталог Aeg 12 13каталог Aeg 12 13
каталог Aeg 12 13
 
Traffic Access and Impact Study Guidelines & Procedures
Traffic Access and Impact Study Guidelines & ProceduresTraffic Access and Impact Study Guidelines & Procedures
Traffic Access and Impact Study Guidelines & Procedures
 
Agnosticism
AgnosticismAgnosticism
Agnosticism
 
C.V
C.VC.V
C.V
 
Assisted Living Regulations
Assisted Living RegulationsAssisted Living Regulations
Assisted Living Regulations
 
Comp plan kick off meeting notes 1 26 2016
Comp plan kick off meeting notes 1 26 2016Comp plan kick off meeting notes 1 26 2016
Comp plan kick off meeting notes 1 26 2016
 
Představení COPRA spol. s r.o.
Představení COPRA spol. s r.o.Představení COPRA spol. s r.o.
Představení COPRA spol. s r.o.
 
Lr1 1 n
Lr1 1 nLr1 1 n
Lr1 1 n
 
2014 الأرشفة والوثائق ahmed amin
2014 الأرشفة والوثائق ahmed amin2014 الأرشفة والوثائق ahmed amin
2014 الأرشفة والوثائق ahmed amin
 
بناء الثقافة الوظيفية - محمد كمال
  بناء الثقافة الوظيفية - محمد كمال   بناء الثقافة الوظيفية - محمد كمال
بناء الثقافة الوظيفية - محمد كمال
 
X pages day発表_20141118
X pages day発表_20141118X pages day発表_20141118
X pages day発表_20141118
 
Lousiest Ways to Tell Someone You Gave Them an STD
Lousiest Ways to Tell Someone You Gave Them an STDLousiest Ways to Tell Someone You Gave Them an STD
Lousiest Ways to Tell Someone You Gave Them an STD
 

Similar to 2015 05-kuwait-log maturity-compressed

IT Compliance in 2015 - Beyond the “v” model
IT Compliance in 2015 - Beyond the “v” modelIT Compliance in 2015 - Beyond the “v” model
IT Compliance in 2015 - Beyond the “v” modelIGATE Corporation
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptxPrashant Singh
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLPRobert Kloots
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceitSMF UK
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
CIT2015TheCaseITServiceManagement.pptx
CIT2015TheCaseITServiceManagement.pptxCIT2015TheCaseITServiceManagement.pptx
CIT2015TheCaseITServiceManagement.pptxAnishKumar509840
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...TRANANHQUAN4
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013James Sutter
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013Jim Sutter
 
MuleSoft Singapore Meetup - Number 6 - September 24, 2020
MuleSoft Singapore Meetup - Number 6 - September 24, 2020MuleSoft Singapore Meetup - Number 6 - September 24, 2020
MuleSoft Singapore Meetup - Number 6 - September 24, 2020Julian Douch
 
Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...
Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...
Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...Prolifics
 
A Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingA Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingGH_Wijnants
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 

Similar to 2015 05-kuwait-log maturity-compressed (20)

IT Compliance in 2015 - Beyond the “v” model
IT Compliance in 2015 - Beyond the “v” modelIT Compliance in 2015 - Beyond the “v” model
IT Compliance in 2015 - Beyond the “v” model
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLP
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
CIT2015TheCaseITServiceManagement.pptx
CIT2015TheCaseITServiceManagement.pptxCIT2015TheCaseITServiceManagement.pptx
CIT2015TheCaseITServiceManagement.pptx
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
CMMI.pptx
CMMI.pptxCMMI.pptx
CMMI.pptx
 
Info.ppt
Info.pptInfo.ppt
Info.ppt
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 
MuleSoft Singapore Meetup - Number 6 - September 24, 2020
MuleSoft Singapore Meetup - Number 6 - September 24, 2020MuleSoft Singapore Meetup - Number 6 - September 24, 2020
MuleSoft Singapore Meetup - Number 6 - September 24, 2020
 
COBIT
COBITCOBIT
COBIT
 
Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...
Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...
Integrating IBM PureApplication System and IBM UrbanCode Deploy: A GE Capital...
 
A Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingA Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning Prototyping
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 

More from promediakw

ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمانورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمانpromediakw
 
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية  محمد عمرو صادق دور التدريب فى تحقيق الميزة التنافسية  محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق promediakw
 
إنجح في التوظيف ميلاد حدشيتي
إنجح في التوظيف  ميلاد حدشيتيإنجح في التوظيف  ميلاد حدشيتي
إنجح في التوظيف ميلاد حدشيتيpromediakw
 
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي promediakw
 
2د. محمد كمال
2د. محمد كمال 2د. محمد كمال
2د. محمد كمال promediakw
 
د. محمد كمال
د. محمد كمال د. محمد كمال
د. محمد كمال promediakw
 
وليد حمود ورقة الأمانة العامة
  وليد حمود ورقة الأمانة العامة  وليد حمود ورقة الأمانة العامة
وليد حمود ورقة الأمانة العامةpromediakw
 
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
  محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة  محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروةpromediakw
 
أمل الرشدان -التحسين المستمر بروميديا
  أمل الرشدان -التحسين المستمر بروميديا  أمل الرشدان -التحسين المستمر بروميديا
أمل الرشدان -التحسين المستمر بروميدياpromediakw
 
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...promediakw
 
مؤتمر النفايات
مؤتمر النفاياتمؤتمر النفايات
مؤتمر النفاياتpromediakw
 
Eng. ch. rama krushna chary drilling waste management
Eng. ch. rama krushna chary  drilling waste managementEng. ch. rama krushna chary  drilling waste management
Eng. ch. rama krushna chary drilling waste managementpromediakw
 
Dr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systemsDr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systemspromediakw
 
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...promediakw
 
Dr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste managementDr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste managementpromediakw
 
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...promediakw
 
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...promediakw
 
Dr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical PasswordsDr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical Passwordspromediakw
 
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1promediakw
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...promediakw
 

More from promediakw (20)

ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمانورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
ورقة عمل المؤتمر الخليجي الثاني بالكويت تقديم دكتور عنتر سليمان
 
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية  محمد عمرو صادق دور التدريب فى تحقيق الميزة التنافسية  محمد عمرو صادق
دور التدريب فى تحقيق الميزة التنافسية محمد عمرو صادق
 
إنجح في التوظيف ميلاد حدشيتي
إنجح في التوظيف  ميلاد حدشيتيإنجح في التوظيف  ميلاد حدشيتي
إنجح في التوظيف ميلاد حدشيتي
 
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
الكوتشنج الوظيفي مؤتمر الموارد البشرية الخليجي- أحمد مجدي
 
2د. محمد كمال
2د. محمد كمال 2د. محمد كمال
2د. محمد كمال
 
د. محمد كمال
د. محمد كمال د. محمد كمال
د. محمد كمال
 
وليد حمود ورقة الأمانة العامة
  وليد حمود ورقة الأمانة العامة  وليد حمود ورقة الأمانة العامة
وليد حمود ورقة الأمانة العامة
 
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
  محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة  محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
محمد العوفي - تنمية الموارد البشرية الخليجية كمدخل استراتيجي لتحقيق ثروة
 
أمل الرشدان -التحسين المستمر بروميديا
  أمل الرشدان -التحسين المستمر بروميديا  أمل الرشدان -التحسين المستمر بروميديا
أمل الرشدان -التحسين المستمر بروميديا
 
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
Eng. salman zafar - Concept of zero wastes and role of material recovery faci...
 
مؤتمر النفايات
مؤتمر النفاياتمؤتمر النفايات
مؤتمر النفايات
 
Eng. ch. rama krushna chary drilling waste management
Eng. ch. rama krushna chary  drilling waste managementEng. ch. rama krushna chary  drilling waste management
Eng. ch. rama krushna chary drilling waste management
 
Dr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systemsDr shirish naik - Decentralized wastewater treatment systems
Dr shirish naik - Decentralized wastewater treatment systems
 
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
Dr. S. Neelamani - Scrap tires as wave barriers in the marine environmnet ana...
 
Dr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste managementDr. Faten Al-Attar - Green building and waste management
Dr. Faten Al-Attar - Green building and waste management
 
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
Dr. Ahmad Abdul Hay Agwa - Offshore drilling waste treatments & risk manageme...
 
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
Dr. Abdul Rehman Khan - Rehabilitation of an industrial mercury contaminated ...
 
Dr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical PasswordsDr. Ziyad Salloum - Geographical Passwords
Dr. Ziyad Salloum - Geographical Passwords
 
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
Mr. Tamer el - Bahey - Leveraging open source intelligence v1.1
 
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
Mr. Sayed Rabbani - Quality Assurance - The 80% of Industrial Control System ...
 

2015 05-kuwait-log maturity-compressed

5
Modern IT Infrastructures
•  IT/Telco Infrastructure
-  Routers, switches, Wireless APs, VoIP etc.
•  Services and Applications
–  Mail, Web, Internet banking, e-commerce etc.
•  Operating Systems
–  Unix/Linux, Windows, Apple etc.
•  Mobile Devices
-  Mobile phones, Laptops, Pads etc.
•  Security appliances and products
-  Network/Web firewalls, HIDS, IDS/IPS, Vulnerability Scanners, Antivirus, DLP etc.
A typical company will produce tens of thousands of logs daily
6
What is Log Management?
•  Log Management is a key process aimed at the management of logs and associated information security risks
•  Log Management is NOT:
–  A technology solution or something that can be addressed by technology alone
–  Just about security
7
Why Log Management?
•  Compliance
-  Complying with legal, regulatory and contractual obligations
•  Security
-  Effectively monitoring both internal and external threats
-  Performing effective investigations of information security incidents
-  Improving overall security
•  Business
-  Business analytics, measurement of process performance and achievement of objectives
8
Log Management Systems: Common Features
•  Collection (from different sources)
•  Aggregation
•  Normalization
•  Compression and storage
•  Correlation
•  Alerting
•  Reporting
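The feature list above is abstract; the following added example (not code from the slides or from Silensec) walks a minimal pipeline through collection, aggregation, normalization, correlation, alerting and reporting on two constructed feeds, an sshd syslog stream and an Apache access log. The regular expressions, the common event schema and the "3 failures in 5 minutes" rule are assumptions chosen for the demonstration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not from the slides): an sshd syslog feed and an Apache access log.
SSHD_LINES = [
    "May  7 09:00:01 bastion sshd[101]: Failed password for root from 203.0.113.7 port 50001 ssh2",
    "May  7 09:00:03 bastion sshd[102]: Failed password for root from 203.0.113.7 port 50002 ssh2",
    "May  7 09:00:09 bastion sshd[104]: Accepted password for alice from 198.51.100.4 port 40001 ssh2",
]
WEB_LINES = [
    '203.0.113.7 - - [07/May/2015:09:00:07 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.4 - - [07/May/2015:09:00:10 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
SSHD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[(\S+) [^\]]*\] "\S+ \S+ [^"]*" (\d{3})')
def normalize(line, source):
    """Normalization: map a raw line from either source onto one common event schema."""
    if source == "sshd" and (m := SSHD_RE.match(line)):
        ts = datetime.strptime("2015 " + m.group(1), "%Y %b %d %H:%M:%S")  # syslog carries no year (2015 assumed)
        return {"ts": ts, "src_ip": m.group(5), "source": source,
                "outcome": "failure" if m.group(3) == "Failed" else "success"}
    if source == "web" and (m := WEB_RE.match(line)):
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
        return {"ts": ts, "src_ip": m.group(1), "source": source,
                "outcome": "failure" if m.group(3) in ("401", "403") else "success"}
    return None  # unparseable line: returned as None so the caller can count it, not silently lost

def aggregate(feeds):
    """Collection + aggregation: merge every source into one time-ordered event stream."""
    events = [e for source, lines in feeds.items() for l in lines if (e := normalize(l, source))]
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation + alerting: N authentication failures from one IP across ANY source inside the window."""
    failures, alerts = defaultdict(list), []
    for e in events:
        if e["outcome"] != "failure":
            continue
        hits = failures[e["src_ip"]]
        hits.append(e["ts"])
        hits[:] = [t for t in hits if e["ts"] - t <= window]  # keep only failures still inside the window
        if len(hits) >= threshold:
            alerts.append({"src_ip": e["src_ip"], "count": len(hits), "last_seen": e["ts"]})
            hits.clear()  # one alert per burst, not one per additional failure
    return alerts
def report(events):
    """Reporting: outcome counts per source, the kind of figure a log review schedule tracks."""
    return Counter((e["source"], e["outcome"]) for e in events)
```

Note that the alert fires only because the web 401 and the sshd failures were normalized into the same schema: correlation across sources is what a per-product console cannot give you.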
9
Gartner Magic Quadrant for Security Information and Event Management 2014
Which solution would you buy for Log Management?
10
What would you choose?
11
SIEM vs. Log Management
•  Much confusion around SIEM
–  Log Management is about logs, not just security logs
–  SIEM is about security
•  Vendor convergence
–  LM roots vs. SIEM roots
12
Silensec Security Quadrant
•  Competence Axis
-  Measurable objectives
-  Clearly defined and supported processes
-  Defined roles and responsibilities
-  Staff competence
-  Continuous improvement
•  Technology Axis
-  Appropriate tools and systems
-  Systems and tools are used to achieve stated objectives
13
Common Approach to Log Management
•  Competence
-  No focus on people, competence and supporting controls
-  Weak or no defined processes
•  Requirements analysis
•  Log review and analysis
•  Improvements
-  Log everything and store it for as long as we can
-  Alert on anything and everything
•  Technology
-  Looking for the safe choice rather than the right one!
-  Limited integration
•  No bespoke systems and applications
-  Not fully utilized
•  Default correlation rules and reporting
14
Achieving Maturity
•  Physical
•  Mental
•  Spiritual
•  Social
•  Sentimental
•  Professional
Achieving maturity means achieving a conscious and accepted balance of maturity across all levels against one's stated objectives
15
Mature Approach to Log Management
How do we achieve maturity when talking about log management?
16
Log Management Maturity – Example 1
[*] Anton Chuvakin (Gartner)
17
Log Management Maturity – Example 2
18
Capability Maturity Model Integration (CMMI)
•  Developed and maintained by Carnegie Mellon University
-  Process improvement training and appraisal program and service
•  Required by many DoD and U.S. Government contracts (especially in software development)
19
Developing A Log Management System (LMS)
•  PDCA Model
-  Widely adopted across a number of international standards
-  ISO9001, ISO27001, ISO22301 etc.
•  Four Phases
-  Plan – Scoping, requirement analysis, risk assessment, selection of controls
-  Do – Implementation of controls and key processes
-  Check – Execution of monitoring processes and identification of improvements
-  Act – Implementation of improvements
20
Applying the PDCA Model
Plan
•  Organizational Context
-  Why are we logging and what are we trying to achieve
-  Scope
•  Roles and Responsibilities
•  Requirements Analysis
-  Log and alert schedules, retention schedule
-  Log security requirements
•  Risk Assessment
•  Choice of Log Management solution
Do
•  Competence building
•  Implementation of supporting controls
•  Development of Log Management processes
•  Deployment and integration of Log Management solution
Check
•  Log review and analysis
•  Log reporting
Act
•  Implementation of improvements
21
Log Management Foundation
•  For Log Management to work and deliver on its promises we must be able to trust the logs being generated and ensure those logs are generated in the first place
•  Key Supporting Controls
-  Segregation of duties
-  Password Management
-  Patch Management
-  Vulnerability Management
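"Ensure those logs are generated in the first place" is a check that can be automated from the collector's own data. The following added example (not code from the slides or from Silensec) compares an inventory of sources that must be logging, each with the longest silence tolerated for it, against the time each source was last heard from; the source names, gaps and timestamps are constructed for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample input (not from the slides): the last event the collector received per source.
LAST_SEEN = {
    "fw-edge": datetime(2015, 5, 7, 9, 58),
    "bastion": datetime(2015, 5, 7, 8, 10),   # sshd host quiet for almost two hours
    "www":     datetime(2015, 5, 7, 9, 59),
}
# Constructed inventory: source -> maximum tolerated gap, as decided during the requirements analysis.
EXPECTED = {
    "fw-edge": timedelta(minutes=5),
    "bastion": timedelta(minutes=30),
    "www":     timedelta(minutes=5),
    "db-core": timedelta(minutes=15),  # in scope, but nothing has ever arrived from it
}

def silent_sources(last_seen, expected, now):
    """Return the in-scope sources whose logs have stopped or never started.

    Each finding is a blind spot to investigate: a failed forwarding agent, an audit
    policy reset to defaults by a patch, a full disk, or logging switched off on purpose.
    """
    findings = {}
    for source, max_gap in expected.items():
        seen = last_seen.get(source)
        if seen is None:
            findings[source] = "never collected"
        elif now - seen > max_gap:
            findings[source] = f"silent for {now - seen}"
    return findings

if __name__ == "__main__":
    for source, why in silent_sources(LAST_SEEN, EXPECTED, datetime(2015, 5, 7, 10, 0)).items():
        print(f"{source}: {why}")
```

Sources that report but are not in the inventory are the mirror-image finding (unknown assets logging to you), and a fuller check would list those as well.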
22
CMMI-Based Log Management Maturity Model
Level 0 – Non Existent
Logs are generated based on default settings and not centrally collected. Staff has little or no competence in log analysis, with no log review being carried out.
Level 1 – Initial
The organization has an ad hoc and inconsistent approach to log management, with log collection based on default settings and mainly for some important assets. There is no established log management process and no log review or analysis is being carried out. Any log management activity is down to the specific competence of staff.
Level 2 – Managed
The organization has a consistent overall approach, but it is mostly undocumented, including roles and responsibilities. The log management process has been established from requirement analysis up to monitoring and improvement and it is somewhat repeatable, possibly with consistent results. The organization is also capable of ensuring correct execution of the log management activities during times of stress, such as an incident investigation, although the process may lack effectiveness and efficiency.
Level 3 – Defined
The log management process is more thoroughly documented and in much more detail, defining clear roles and responsibilities and the tools and techniques for log management activities. The organization is able to take full advantage of the log management process in a consistent and much more proactive way, through well documented reviewing activities. However, at this level there is not a strong emphasis on improvements.
Level 4 – Quantitatively Managed
On top of the documented log management process, the organization has a documented approach for monitoring and measuring effectiveness and improvements. The log management process is quantitatively managed in accordance with defined metrics.
Level 5 – Optimizing
This final phase is characterized by a strong emphasis on improvement and proactivity through a range of documented processes. Examples include algorithms for the analysis of large volumes of logs to identify anomalies and patterns of interest that drive the implementation of changes.
23
Common Mistakes
•  Buying what others are buying
•  No requirements analysis
•  No PoC done
•  Not valuing competence building
•  Only budgeting for installation and integration
•  No process development
•  Not buying value-added support
•  Badly written RFPs
24
Final Recommendations
•  Focus on the processes, NOT on the technology
•  Spend time to understand what needs to be logged and what can be left out
•  Focus on building staff competences and less on product-specific training
•  Make sure supporting controls are in place
25
Take your time to reach maturity!
26
Thank You
Questions?