


Washington, DC - July 12 - 14, 2006
Global Information Assurance Certification

Excellent conference. I have a ton of stuff to bring back to my company and clients.
-John S. Macy, Network Design Associates

The 2006 Log Management Summit

What Works in Log Management for Compliance, Operations and Security



Dates:

July 12-13, 2006 Log Management Summit
July 14, 2006 Post Summit Courses

Location:

Washington DC, at the Wardman Park Marriott Hotel, in conjunction with SANSFIRE 2006, the largest security conference in Washington, DC, this year.

General Information

Table of Contents

Hours

Log Management Summit
  • July 12-13, 8:00 AM to 5:00 PM plus evening sessions
Post Summit Courses
  • July 14, 2006: 8:00 AM - 12:00 PM and 1:00 - 5:00 PM
Summit Overview
Audit Standards Driving Log Management Acquisition
  • SOX - Sarbanes Oxley Section 404
  • PCI - The Payment Card Industry Standard
  • HIPAA - Health Care Portability and Accountability Act
  • ISO 17799 and ISO 27001
  • COBIT
  • FISMA - Federal Information Security Management Act
  • FIPS 200 - Federal Information Processing Standard: Minimum Security Requirements For Federal Information Systems and NIST 800-53
  • Gramm-Leach-Bliley (GLB)
  • EAL and Common Criteria Evaluation

Nearly every major regulation affecting cyber security now demands continuous logging and effective log management: HIPAA, SOX, ISO 27001. Even the Payment Card Industry (PCI) standard appears to demand it. In short, this is the year that responsible organizations will evaluate log management alternatives, and will most probably buy, upgrade, or make more effective use of a log management system.

Organizations that have implemented log management systems have found that the systems provide far more value than simply meeting compliance requirements. So even if auditors and regulatory compliance demands are driving you to implement log management, it makes business sense to use that technology to improve security, as well. SANS Log Management Summit is the best opportunity to go beyond regulatory demands and ensure your new log management system is doing all that can be done to improve your organization's security.

If you work for one of the more clued-in organizations that are moving ahead to implement automated log management, come learn from the people already using this technology. SANS Log Management Summit focuses on what works well in log management - the best practices.

The Log Management Summit is a user-to-user, non-commercial conference on what works in log management. It is the only place where you can learn about the strengths and weaknesses of competing technologies, where users will share the lessons they learned about what to log and what to keep and what to report. It's also the place where you will get an early look at the results of SANS' assessment of the most effective types of log management intelligence and reporting that improve security.

Register today to get answers to these key questions and more in log management:
  1. What specific requirements of HIPAA, Sarbanes Oxley and the PCI standard (and other standards and regulations) make log management mandatory?
  2. How can log management data be culled and normalized so every system administrator gets a daily report summarizing just the things he or she needs to know from the logs?
  3. Which logs must be maintained? For how long? In what format? How do you decide?
  4. What specific security events can be flagged through logs and how do you do it? How can advanced intelligence make the information in the logs more valuable?
  5. What are consensus best practices in log management? Which reports are most useful, and how do you create them? How should they be interpreted? How can log management effectively integrate with intrusion detection for maximum value?
  6. What log management and security event management architectures make the most sense in your business environment, with your technological requirements? Which products implement those architectures?
  7. What are the biggest mistakes organizations make when they implement log management systems and how can those mistakes be avoided?
  8. What storage solutions are appropriate for handling the huge data volumes that accompany enterprise log management? What are the trade-offs between retrieval and analytical performance and cost?
  9. What is on the horizon in log management? What new technologies and tools have appeared or soon will?
Why Log Management Matters

Operating system and application logs are an untapped mine of vital information about the health and well-being of an organization's computer infrastructure. When properly configured, these logs record the day-to-day activity of system users and the administrative changes made by the folks who manage critical production systems, and they capture evidence produced by malicious activity. When log management is working, you can review changes to your operational environment made by system administrators and operators. You can see unusual activity from your authorized users; you will be able to monitor people without credentials who are trying to get in, and you can track what they are doing when they do get in. Best of all, with the right logging configuration you'll capture the history of a hacker's activity on your machine, from the establishment of unauthorized accounts to the installation of back-doors, enabling you to quickly isolate and repair affected systems after an intrusion.

All organizations have a responsibility for the contents, protection and ability to produce log files. According to Benjamin Wright, attorney and author of Business Law and Computer Security, "System logs are critical to protect an enterprise under California's Senate Bill 1386. That law requires a holder of personal data to notify the data subject if there exists reason to believe the data's security has been compromised. Clean system logs are the enterprise's proof that it has no reason to suspect a compromise."

Even the smallest network has numerous devices that generate log data. Servers, routers, firewalls, wireless access points, antivirus systems and most other network components can be set to generate a substantial amount of vital information about the health of the network. Very few companies take advantage of this information; few proactively monitor their system logs, and even fewer have in place the technology and intelligence to efficiently review the logs in the event of an incident. Best practices dictate that logs should be generated, archived and monitored regularly, for oversight of employee activity, as well as for prevention and detection of system outages and security breaches.

Without real log management, organizations are out of compliance and at risk.

The Organizing Committee

The following people are helping to shape the Log Management Summit:

Users:
Chris Calabrese, Large Healthcare
Tom Chmielarski, Motorola
Tom Doughty, Prudential
Bruce Forman, Genesis Health Care
Keith Fricke, Cleveland Clinic Health System
Erik Hart, Cole Taylor
Jay Leek, Major Communications Company
Chad Meade, Large Bank
Chris Milmerstaldt, Fairfield County Bank Corp.
David Monahan, Network Appliance
Kerwin Myers, Hilton
Mark Olsen, Beth Israel Deaconess Medical Center
Ed Pardo, HSBC
Daniel Reid, CIBC
Rick Rutherford, Sr., Fresno County, CA
Paul Sery, Sandia National Laboratories
Preston Wood, Zions Bank
A. J. Wright, University of Tennessee
Consultants:
Dr. Tina Bird, PGP Corporation
Chris Brenton, Independent Consultant
Mike Poor, Intelguardians
Randy Franklin Smith, Ultimate Windows Security
Solution Providers:
A.N. Ananth, Prism Microsystems
Anton Chuvakin, LogLogic
Eric Fitzgerald, Microsoft
Jim Hansen, Sensage
Brett Hartman, EMC
Catherine Purcell, Network Intelligence
Matt Stevens, Network Intelligence
Glenn Sharlun, ArcSight