Duration of log retention?


Duration of log retention?

by Doug Fox

I am searching for retention duration for various logs. Any input is much appreciated.
 
Firewall log - 1 year
IDS log - 1 year
IPS log - 1 year
Router log - 1 year
Switch log - 1 year
Windows server: Security log - 1 year
Windows server: Application log - 3 months
Windows server: Systems log - 3 months
*IX server - security log equivalent - 1 year
RACF (mainframe) logs - 1 year
Database - ?? log
What else have I missed?
 
 
Many thanks in advance.
 
DF

Re: Duration of log retention?

by 黄敏

Anti-Virus log?
Are you working for a security event management project?

RE: Duration of log retention?

by Warren V Camp

The retention of company data is a legal question, not an IT question to answer. The reason it is a legal question is that the company is required to meet or exceed the data retention requirements of the SEC, SOX, IRS, external and internal audit requirements. If you do not have any other guidance, keep security logs, logs that monitor administrative and configuration changes and usage, and logs that monitor changes in production data for a minimum of 15 months.
 
 
Warren V. Camp, CPA, CISA, MS, MBA
Warren V. Camp, CPA, LLC
Risk Mgt, SOX, GCC, Audit/Log Mining
703.919.3208 (mobile)
 



RE: Duration of log retention?

by Robert Hines

Correct,
 
The regulatory legalities and nature of the business are the driving factors.
 
Quando Omni Flunkus Moritati
 

RE: Duration of log retention?

by Marcone Almeida

In Brazil, for example, the civil laws impose 5 years of retention of logs!
 
 Marcone Almeida
 Federal University of Mato Grosso - Brazil




Re: Duration of log retention?

by Joseph Shaw

Doug,
     There are many factors involved in determining retention periods for log file data.  First, there are no blanket answers because everyone's requirements are different.  Are you under any legal requirements, either contractual (business partner requirements like VISA/MC PCI) or regulatory (FDIC/SEC regulations, GLB, SOX, HIPAA, etc.), that might dictate log file retention periods?  If so, then follow the guidelines that are applicable to you.  If more than one is applicable to you, follow the one that has the longest retention time. Also realize that there are differences in the types of data retained in some of these requirements, and some dictate whether the data is stored online/offline and how long you have to produce the data once it is requested.  All of this should be reflected in your data retention policies and procedures.

     Once you get past the legal requirements, you then worry about the technology aspect.  How much data are you seeing already in the environment and how much data could you keep online vs. stored on tape and shipped off site?  What is the purpose of the data; are you planning on using it for audit, incident investigation and response, or some other purpose?  If your legal staff says that you are not under any legal requirements to hold log file data, I would personally feel comfortable with a minimum retention period of at least 12 months for any access control and audit logs.  Store the previous month's data online (no more than 62 days online at a time), and write the rest to tape for off site storage should you need them later.  Keep them on tape longer if it makes you feel better, though legal departments tend to be of the opinion that disposing of logfile data as soon as legally possible is the best approach, especially if they've been the target of a lawsuit that required them to produce possibly incriminating data.

--
Joseph W. Shaw, II
CISSP, CCNA
Sr. Consultant - Solving IT!


Re: Duration of log retention?

by Chris Dalton-2

Check with your internal or external auditors.
There may be guidelines they want you to comply with.
What is maintained may be dependent on the risk of the activity.
The system owner should perform a risk assessment of the system.
This risk assessment should guide you in retention.

Chris G. Dalton C.P.A.
Corporate Audit Services
Capital One Financial
1-504-533-6419 phone
1-504-533-2355 fax