• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Audit - Log Retention - How Long - Legal Requirements?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
Mongrel
SF Mod
SF Mod


Joined: 30 May 2002
Posts: 8


Offline

PostPosted: Tue Aug 12, 2003 6:40 pm    Post subject: Audit - Log Retention - How Long - Legal Requirements? Reply with quote

Setting up policies for auditing, backing up, and storing logs.

I have read many recommendations and requirements ranging from 7
years to one year.
Don't find any legal precedence (gigalaw.com etc.) We are:
A Privately held, non-government, non-healthcare, non-financial US
Company thus not governed by HIPAA or GLBA requirements.

Also - regarding Windows event logs -
Should they be archived in native .evt format?
What does law enforcement consider acceptable evidence?
I know that if data is modified in certain ways it beomes disallowed in a
court of law.

Any experience and opinions would be appreciated.
Back to top
View user's profile Send private message
Mongrel
SF Mod
SF Mod


Joined: 30 May 2002
Posts: 8


Offline

PostPosted: Fri Aug 22, 2003 7:57 pm    Post subject: Reply with quote

Since noone is willing to step up to the plate here, maybe I'll rephrase the
question - Does ANYONE archive log files? If so, which ones, what format,
how long?

Anyone have ANY experience with legal issues requiring archived logfiles
of ANY type?
Back to top
View user's profile Send private message
Bog
Just Arrived
Just Arrived


Joined: 23 Aug 2003
Posts: 2
Location: Toronto, Ontario Canada

Offline

PostPosted: Sat Aug 23, 2003 7:26 pm    Post subject: NERC Reply with quote

NERC requires log retention of 6 months.

This is the strategy we're going with.

Once you determine how much space logs take up and the cost to retain management will be very quick to pick the minimum requirements.
Back to top
View user's profile Send private message
Mongrel
SF Mod
SF Mod


Joined: 30 May 2002
Posts: 8


Offline

PostPosted: Sun Aug 31, 2003 8:09 am    Post subject: Reply with quote

bog - Thanks very much for your input. Space isn't an issue really. And
management is clueless on the technical side. We have no ready access
to legal counsel on the matter. That may be the next step but Mgmt has
what they consider bigger fish to fry - like keeping the company afloat on
a daily basis.

I really just need to put forth reasonable justification and research but I
really don't find much info out there save military requirements. Trying to
find a compromise between that and nothing at all. I'd also like to
compare the retention time and format that others use and their
justifications for it.
Back to top
View user's profile Send private message
alexander
Just Arrived
Just Arrived


Joined: 18 Jun 2003
Posts: 0


Offline

PostPosted: Mon Sep 01, 2003 2:08 pm    Post subject: Reply with quote

What do you want to be able to use the audit logs for?

Without knowing this and also what level of auditing you intend to set up (presumably derived from your sy policy) it is difficult to make any suggestions.

If you decide to audit everything space could well become an issue. Shocked

I would always leave logs in their original format, but it is really depends on what you wish to use the audited info for hence my first q above.

Regards
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register