Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [CISSP-D] Security Officer privileges over audit logs?????

from [Tracy Blackmore] Network Security [Permanent Link]
Subject: RE: [CISSP-D] Security Officer privileges over audit logs?????
Date: Tue, 14 Dec 2004 06:22:04 -0700 


Ali;
 
That all depends...
 
If you're speaking of his ability to review the system generated audit logs, or 
even 'control' the system generated audit logs after creation then I would say 
that it is his/her job to do so.
 
I'm guessing that you are looking for a conflict of interest here.  If that is 
the case then managing the logs after generation is not a conflict.  Good 
system administrators regularly review their systems audit logs.
 
If, on the other hand, the QSEC was the one generating/creating the audit logs 
(actually sitting down at the terminal and choosing what information will be 
included in the report) then you might have a conflict.  In this case, they 
would have the ability to NOT add information to the report, maybe information 
that would implicate a friend?
 
So to boil it down, if the QSEC has the ability to add/change/delete 
information in the audit report I'd be concerned.  If the audit is truly system 
generated and just handed to the QSEC for review or control, I'd say that this 
is completely normal.
 
Tracy
 
T.S. Lad, Inc.
www.tslad.com





------------------------ Yahoo! Groups Sponsor --------------------~--> 
$4.98 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/Q7_YsB/neXJAA/yQLSAA/kgFolB/TM
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [CISSP-D] Forensic Investigation, Harry Lim
Next by Date:  [CISSP-D] Re: Forensic Investigation, Kate
Previous by Thread:  [CISSP-D] Security Officer privileges over audit logs?????, ali abbas zaidi
Next by Thread:  [CISSP-D] Forensic Investigation, Harry Lim
Indexes:  [Date] [Thread] [Top] [All Lists]