Audit and Trace Log Management: Consolidation and Analysis, 1st Edition (Hardback) book cover

Audit and Trace Log Management

Consolidation and Analysis, 1st Edition

By Phillip Q. Maier

Auerbach Publications

192 pages | 18 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9780849327254
pub: 2006-04-05
SAVE ~$26.00
eBook (VitalSource) : 9780429095559
pub: 2006-04-05
from $65.00

FREE Standard Shipping!


As regulation and legislation evolve, the critical need for cost-effective and efficient IT audit and monitoring solutions will continue to grow. Audit and Trace Log Management: Consolidation and Analysis offers a comprehensive introduction and explanation of requirements and problem definition, and also delivers a multidimensional solution set with broad applicability across a wide range of organizations.

Itprovidesa wealth of information in the form of processwalkthroughs. These include problem determination, requirements gathering,scope definition, risk assessment, compliance objectives, systemdesign and architecture, implementation and operational challenges, productand solution evaluation, communication plans, project managementchallenges, and determining Return on Investment (ROI). By using templates, tools, and samples that enhance your understanding of processes and solution sets, the author successfully emphasizes the core themes of the book. He also includes many diagrams throughout his discussion that aid in a clear communication of process and solution recommendations.

This volume enables you to gain the knowledge, perspective, and insight needed to independently implement a successful audit and monitoring management system tailored to the unique requirements of your organization.


“There are only a few books that I would recommend every security professional keep on the shelf, … this is one of them. It was written by someone who has lived the numbing nightmare of surveying the endlessly proliferating sources of event data in a modern enterprise, of identifying what must be collected, how it should be collected, filtered and stored, and what should be done with it. Most importantly, Maier kept careful notes along the way and has provided a guidebook that will help those of us who follow.”

—Richard Austin, MSC, CISSP, MCSE, Hewlett Packard, in IEEE Cipher, January 2007

“Ultimately the readers are provided with a roadmap and a “how to” guideline leading to the successful implementation of a state-of-the-art auditing and monitoring system. Most will want to read it from cover to cover, and also add it to their bookshelves for frequent reference. …Armed with the knowledge from this book, you will be able to champion and guide your organization through a disciplined and well-defined audit and monitoring project. It isn’t a stretch to be able further to design and implement the system while fulfilling a diverse set of requirements and organizational needs.”

Linda L. McGhie, CISSP, CISM, PCS ISO/Risk Manager, Wells Fargo Bank

Table of Contents

Introduction to Audit Logging

The “Why” of Consolidated Audit Logging

Taking Stock, What Is in Place Today

What Forms or Levels of Logging Do You Currently Perform on This


What Is the Volume, Amount of Data Collected in One 24-Hour Period?

What Is Your Retention Period; That Is, How Long Do You

Keep Retrievable Logs?

What Are the Formats for This Retention? 30 Days Online,

30 Days Tape, 3 Months CD?

What Is the “Write per Second” Timeframe? How Many Records

per Second Are Generated and Logged?

Where Are the Logs Stored Today (Locally on the Box, Locally

on a Nearby Server, or Remotely)?

If Stored Externally, How Are They Transported to the External

Store (Syslog, FTP, Other)?

Is There a Separate Physical Interface over Which the Logs Are

Distributed Out of the Box?

What Are the Access Control Mechanisms over Access to the

Stored Logs?

Who Reviews the Logs? At What Frequency?

What Is the Data Classification of This Log Data (Company

Secret, Confidential, Internal Use)?

Is There a Log Reporting System? How Are the Logs Accessed and

Viewed? How Many People in the Organization Are Required to

Have Access to These Logs?

What Is the Nature of the Reviews: Are Keywords Searched,

Summaries, or Just High-Level Eyeing of the Log Data?

Are There Additional Log Review, Storage, or Analysis

Capabilities That You Would Like to Have over This Log Data?

If So, What Are They?

The Completed Survey

Deciding What to Capture and How to Do It

Requirements Gathering for Whole Log Capture

The Normalization Process

Setting Up Correlation Rules, Putting Your Assembled

Infrastructure to Work

Security Event Management, Generating Reports from Your


Security Event and Incident Management and Reporting

Security Alert Management (SAM)

Setting Security Alert Levels and Escalation Processes

Security Operations Center (SOC) Reporting

The Escalation Process

Level 1 Alerts

Management Reporting

Pulling It All Together and Making Your Case

Justifying Your System for Forensic Analysis

Gaining Buy-In for Your System

Future Implementation Strategies and Value-Added Components

About the Author

Maier\, Phillip Q.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Security / General