JOURNALONLINE
[Figure: online retention, offline retention, and backup of audit trails to separate media]
Monitoring as a Service
Attack Recognition
Attack recognition is generally done by pattern matching, anomaly detection or rule creation.
Pattern matching refers to matching patterns of data. It is most commonly used for (US) Social Security and credit card numbers. Some database appliances include credit card validation code to reduce false positives.
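The validation step described above, as an added example (not code from the original article or from any appliance): a regex finds candidate card and Social Security numbers, and a Luhn checksum discards digit runs that only look like card numbers. The regexes, function names and sample rows are constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# US Social Security number in its common written form, AAA-GG-SSSS.
SSN_RE = re.compile(r"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> list[tuple[str, str]]:
    """Return (kind, match) pairs for sensitive-looking values found in text."""
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # Validation step: a digit run that fails Luhn is not reported as a card.
        if luhn_valid(digits):
            hits.append(("card", m.group()))
    return hits


# Constructed sample rows, as a monitor might see them in query results.
ROWS = [
    "cust=1001 pan=4111 1111 1111 1111 exp=12/09",  # widely used test card number
    "order_ref=1234567890123456 status=shipped",     # 16 digits, fails Luhn
    "emp=77 ssn=078-05-1120 dept=payroll",           # publicly known invalid sample SSN
]

if __name__ == "__main__":
    for row in ROWS:
        print(scan(row), "<-", row)
```

The 16-digit order reference matches the card pattern but is dropped by the checksum, which is the false-positive reduction the paragraph refers to.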
Anomaly detection, or behavioral fingerprinting, refers to detecting behavior that the monitoring software defines as not normal. Most database appliances are put into an observation mode for a length of time so that they can baseline activity. Database activity tends to be normalized, so this kind of alerting tends to be reasonably accurate. Some platforms have a feature called intelligent learning, in which the platform learns new sets of behavior. This feature is known as behavioral dynamic and is normally done over a 30-day rolling period.
Author's Note:
The author would like to thank Scott B. Smith and Jenna
Sindle for editorial and technical assistance.
Sushila Nair, CISA, CISSP, BS 7799 LA
is a product manager at BT Counterpane, responsible for
compliance products. Nair has 20 years of experience in
computing infrastructure and business security and a diverse
background including work in the telecommunications sector,
risk analysis and credit card fraud. She has worked with the
insurance industry in Europe and the US on methods of
quantifying risk for e-insurance based on ISO 27001. She was
instrumental in creating the first banking group in Malaysia
focused on using secondary authentication devices for
banking transactions. Nair has worked extensively with
customers of BT to develop monitoring solutions that meet
the needs of regulatory compliance, including that of the
Payment Card Industry Data Security Standard.
Information Systems Control Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to
the Information Systems Control Journal.
Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT
Governance Institute and their committees, and from opinions endorsed by authors' employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of
authors' content.
© 2008 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the
association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles
owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article.
Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly
prohibited.
www.isaca.org