- BrightTalk – Detecting dangerous user behavior: Use cases from SANS & LogRhythm
This webinar covers use cases that support automating the detection of dangerous user behavior.
- CSO – Why you need Centralized logging and event log management
CSO Online article presenting the importance and challenges of centralized logging and event log management.
- Environmental Protection Agency – Audit and Accountability Procedure
This example procedure from the EPA shows how they implement the security control requirements for the Audit and Accountability (AU) control family, as identified in NIST SP 800-53.
- Gartner – Insider Risk Management Solutions Reviews and Rankings
Gartner defines insider risk management (IRM) as the tools and capabilities to measure, detect and contain undesirable behavior of trusted accounts within the organization. In response to a recognized need to minimize the effects of unwanted activity within the organization and key partners, security and risk management leaders have to mitigate risk. This market consists of tools and solutions to monitor the behavior of employees, service partners and key suppliers working inside the organization, and to evaluate whether behavior falls within expectations of role and corporate risk tolerance. Insider risk may involve errors, fraud, theft of confidential or commercially valuable information, or the sabotage of computer systems.
- How to Stay HIPAA Compliant with Audit Logs
This article gives an overview of how to stay HIPAA compliant by maintaining good audit log hygiene.
- logz.io – The Complete Guide to the ELK Stack
This article from logz.io defines the ELK stack and covers its importance, installation, and configuration.
- logz.io – Using Audit Logs for Security and Compliance
Blog from logz.io discussing audit logs, what they are, and how to use them.
- logz.io – What Is User Activity Monitoring?
This article discusses how User Activity Monitoring (UAM) can be used to thwart insider threats. The article discusses legal and ethical aspects of user activity monitoring and best practices.
- Microsoft – Basic Security Audit Policy Settings
Microsoft support document providing details on setting up basic audit policy settings.
- Microsoft – Manage Dataverse auditing
The Dataverse auditing feature is designed to meet the external and internal auditing, compliance, security, and governance policies that are common to many enterprises. Dataverse auditing logs changes that are made to customer records in an environment with a Dataverse database. Dataverse auditing also logs user access through an app or through the SDK in an environment.
- Microsoft – Search the audit log in the compliance portal
This provides information on how to set up O365 organizations to log and review audit events.
- NIST SP 800-53: AU-6(4) Audit Review, Analysis, and Reporting | Central Review and Analysis
NIST resource that defines requirements on how to review and analyze system audit records.
- NIST SP 800-53: SI-4 Information System Monitoring
This publication from NIST provides an overview of the SI-4 Information System Monitoring control.
- NIST SP 800-92 Guide to Computer Security Log Management
This NIST Special Publication provides practical guidance on developing and maintaining effective log management practices.
- Norfolk State University – Audit Review, Analysis, and Reporting Policy
This link from Norfolk State University serves as an example of a log review, analysis, and reporting policy.
- Open Web Application Security Project (OWASP) – Logging Cheat Sheet
This cheat sheet covers the important aspects of logging, such as what to include in log entries and how long to retain them, among others.
- Proofpoint – The Importance of Enterprise Scale for User Activity Monitoring
This blog discusses the biggest IT security threat facing companies today: their authorized users.
- SANS – Information Logging Standard
This policy from SANS helps identify requirements that must be met by a system to generate logs.
- SANS – Critical Log Review Checklist For Security Incidents
SANS checklist for reviewing critical logs when responding to a security incident or for routine log review.
- SANS Whitepaper – Log Management Strategies
This SANS whitepaper outlines the common elements of successful log management, with a view to preparing for regulatory compliance audits.
- TechTarget – Security Log Management and Logging Best Practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.