Sage Advice - Cybersecurity Blog

Information Security Compliance Standards for Event Log Management

log-mangement-regsMonitoring event logs is more than just good policy for securing an IT infrastructure – it is also an integral part of complying with a number of information security compliance standards. These regulations span multiple industries, from financial to healthcare to general business. Following are some insights into these regulatory requirements, and ways that event log management can help your firm comply.

Gramm-Leach-Bliley Act (GLBA)

Also known as the Financial Modernization Act of 1999, the IT security compliance standards in GLBA outlined a number of security protocols that financial institutions must follow in order to protect their customer’s information. The GLBA standards for safeguarding information cite that banks must protect against any anticipated threats or hazards to the security of information, and protect against any unauthorized access to or use of that information. They also must monitor systems to detect actual and attempted attacks on or intrusions into customer information systems. GLBA dictates that banks and financial institutions monitor activity captured by network device event logs – and that they are reviewed on a regular and timely basis.

The Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 requires all U.S. public company boards, management, and public accounting firms to establish a variety of internal controls, including securing their information technology infrastructures. One of the approved frameworks is that of COBIT: Control Objectives of Information and Related Technology, a set of best practices created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI).

COBIT requires companies to perform frequent IT security audits, both from personnel within and without its internal organization, to evaluate and mitigate risk to information. Event logs capture vital information on attempted and successful breaches, and are an integral resource for complying with SOX requirements.

Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS is a set of contractual requirements for enhancing security of payment cardholder data. It was developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa to help facilitate global adoption of consistent data security measures.

The PCI DSS applies to any entity that stores, processes, and/or transmits cardholder data. If a business accepts or processes payment cards, it must comply with the PCI DSS.

Requirement 10 states you must track and monitor all access to network resources and cardholder data. “Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of logs in all environments allows thorough tracking, alerting, and analysis when something does go wrong. Determining the cause of a compromise is very difficult, if not impossible, without system activity logs.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA was enacted by the U.S. Congress in 1996 to protect health insurance coverage for workers and their families when they change or lose their jobs. In addition, HIPAA requires firms to regulate the security and privacy of health data by providing administrative, physical, and technical safeguards.

Recognizing that electronic technology could erode the privacy of health information, the regulation incorporates provisions for safeguarding the security and privacy of personal health information. Each firm must establish processes for securing access to workstations and IT devices that contain patient data, documenting breaches, and reporting them to authorities.

In addition, each firm is responsible for ensuring the same security levels for their external vendors that access their systems. Data contained in network and technology device event logs are key to uncovering attempted and actual security breaches.

Free Download: Ransomware Survival Guide

We’ve all seen the headlines. Ransomware attacks are escalating. It’s essential that your organization has the proper controls in place to defend your organization against an attack. But defense strategies are not enough. With some ransomware strains touting success rates of 40% or higher, it’s even more important that your organization is prepared to confidently respond to, and survive, a ransomware attack. Download our Ransomware Survival Guide to arm yourself with the knowledge you need to defend against and prepare for an attack.

Go to Download


Topics: Compliance, Log Analysis

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

Cybersecurity Lifecycle

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More