Session recording

Kenny Lussier klussier at gmail.com
Wed Apr 2 12:15:40 EDT 2008


On Wed, Apr 2, 2008 at 11:32 AM, Michael ODonnell
<michael.odonnell at comcast.net> wrote:
>
>
>  >> Many of the suggestions made so far seem to assume that the users
>  >> are cooperative and will not try to defeat any of the suggested
>  >> "auditing" mechanisms.  Is that assumption correct?
>  >
>  > That is a safe assumption.  The users are the ones that have asked
>  > for better monitoring then what is done now.  It is as much for
>  > their protection as it is for the company and legal compliance.
>
>  Hrrmmmm.  Well, if your users just want an informal reminder of
>  What Happened When, then fine - you may very well end up with a
>  workable solution using some or all of the measures suggested here.
>
>  But I'd be amazed (depressed, also) if any of the "audit logs" so
>  generated meet the requirements for complying with any existing,
>  enforceable law, since many of the knobs and levers are manipulable
>  by the processes that are supposedly being audited.  Would you
>  care to mention the law(s) in question?

I may have over-simplified the situation in that statement. We are
dealing with PCI (Payment Card Industry) compliance. The reason that
the users of the systems in question want better audit trails is
because they are the same people that need to deal with the auditors.
We are currently working on a "more is better" theory, and trying to
capture everything possible in a usable manner, then scale it back
from there. We already have a home-grown system in place that meets
the (current) standards, but it is not very flexible, and moving
forward to meet the constantly changing specs is becoming extremely
difficult. This is all a top-layer of logging in addition to all of
the other security systems that we have in place to do various pieces.

Thanks,
Kenny


More information about the gnhlug-discuss mailing list