Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Duration of log retention?

from [Marcone Almeida] Network Security [Permanent Link]
Subject: RE: Duration of log retention?
Date: Tue, 13 Jun 2006 11:03:06 -0300 (ART) 

 In Brazil for example, the civil laws impose 5 years of retention of logs! 
 
 Marcone Almeida 
 Federal University of Mato Grosso - Brazil 


Warren Camp <wcamp@cox.net> escreveu:       The retention of company data is a 
legal question, not  an IT question to answer.  The reason it is a legal 
question is the the  company is require to meet or exceed the data retention 
requirements of the SEC,  SOX, IRS, external and internal audit requirements.  
If you do not have any  other guidance keep security logs, logs that monitor 
administrative and  configuration changes and usage, and logs that monitor 
changes in production  data for a minimum of 15 months.
  
  
 Warren V. Camp, CPA,  CISA, MS, MBA
 Warren V. Camp, CPA, LLC
 Risk Mgt, SOX, GCC, Audit/Log  Mining
703.919.3208 (mobile)
  

  
---------------------------------
 From: Doug Fox [mailto:dfox168@hotmail.com]  
Sent: Wednesday, June 07, 2006 10:04 PM
To:  security-management@securityfocus.com
Subject: Duration of log  retention?


 
 I am searching for retention duration for  various logs.  Any input are much 
appreciated.   
 Firewall log - 1 year
 IDS log - 1 year
 IPS log - 1 year
 Router log - 1 year
 Switch log - 1 year
 Windows server: Security log - 1  year
 Windows server: Application log - 3  months
 Windows server: Systems log - 3 months
 *IX server - security log equivalent -  1year
 RACF (mainframe) logs - 1 year
 Database - ?? log
 What-else have I missed?
  
  
 Many thanks in advance.
  
 DF



 __________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Duration of log retention?, Joseph Shaw
Next by Date:  Re: Re: Do Security Department owns and operates security infrastructure?, jay.tomas
Previous by Thread:  RE: Duration of log retention?, Warren Camp
Next by Thread:  Re: Duration of log retention?, Joseph Shaw
Indexes:  [Date] [Thread] [Top] [All Lists]