Month: July 2007

Log management in the age of compliance

Posted on by admini

While many criticize FISMA for being all documentation and no action, the law simply emphasizes the need for each federal agency to develop, document and implement an organizationwide program to secure the information systems that support its operations and assets. NIST SP 800-53, Recommended Security Controls for Federal Information Systems, describes log management controls including the generation, review, protection and retention of audit records, plus steps to take in the event of audit failure. It describes the need for log management in federal agencies and ways to establish and maintain successful and efficient log management infrastructures — including log generation, analysis, storage and monitoring.

NIST 800-92 discusses the importance of analyzing different kinds of logs from different sources and of clearly defining specific roles and responsibilities of those teams and individuals involved in log management.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security standards for health information.

NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule, details log management requirements for the securing of electronic protected health information.

The Payment Card Industry Data Security Standard (PCI-DSS), which applies to organizations that handle credit card transactions, mandates logging specific details and log review procedures to prevent credit card fraud, hacking and other related problems in companies that store, process or transmit credit card data.

Logs, which by nature allow for tracking IT infrastructure activity, are the best way to assess if, how, when and where a data breach has occurred. The major effect the age of compliance has had on log management is to turn it into a requirement rather than just a recommendation, and this change is certainly to the advantage of any organization subject to these regulations. It is easy to see why log collection and management is important, and the explicit inclusion of log management activities in major regulations like FISMA, HIPAA and PCI-DSS highlights how key it truly is to enterprise security as well as broader risk management needs.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027080

Read more

Financial Institutions Warned New Fast Phishing Kit Found

Posted on by admini

Gaffan noted when the RSA Anti Fraud Command Center (AFCC) found the new type of phishing kit they found it is actually a single file which creates an entire phishing site on a compromised server when “double-clicked” on, similar to “.exe” installation files.

This is a change from traditional phishing sites that usually include various files which are installed on a compromised server where the attack is hosted. The convenience of creating phishing attacks with the “plug-and-play” phishing kit has no impact on how these attacks are detected and mitigated. “The others who were attacked, were payment oriented sites, or have access to customer credentials,” he noted.

The trends RSA sees in the type of bank or credit union being attacked, Gaffan noted is the further penetration to smaller, regional banks and credit unions. They are now targeting small credit unions, with smaller pools of members and getting a small percentage of bites, Gaffan explained. One reason for the phishers moving down the scale is that the larger institutions are better prepared for takedown and countermeasures. Another type of phishing hitting regional banks and credit unions is “spear phishing,” Gaffan said. The phisher’s chance of getting a high hit rate is based on people feel more secure banking at a smaller institution, Gaffan explained.

http://www.bankinfosecurity.com/articles.php?art_id=499

Read more