This is the sixteenth post in the long, long series (part 1, part 2, part 3, part 4, part 5, part 6, part 7, part 8, part 9, part 10, part 11, part 12, part 13, part 14, part 15). A few tips on how you can use it in your organization can be found in Part 1. You can also retain me to customize or adapt it to your needs.
In addition to serving as compliance evidence, validation activities can be used to report the success of a log management program, processes and procedures to senior management.
The data accumulated in the above sections as proof of organization-wide PCI DSS compliance can also be used for management reporting. Specifically, the following are useful reports that can be produced from the data:
· Presence and adequacy of logging
  o Percentage of all systems / regulated data systems covered by logging (the latter should be 100%)
· Presence of defined log review processes and their implementation
  o Log policy and procedure changes
  o Applications under log review
  o Log entries reviewed
· Exception handling process and its implementation
  o Log exceptions handled by type, analyst name, etc.
  o Exceptions escalated to incident response
  o (if relevant) Risk reduced due to timely escalation or incident prevention
  o Resources saved due to timely escalation or incident prevention
  o Application performance improvement due to log review
· Other log management program reporting
  o Overall compliance readiness (PCI DSS and other)
Finally, let’s summarize all periodic operational tasks the organization should be executing in connection with log review.
Cross-posted from Security Warrior