
Saturday, January 29, 2011

EM835 week V

     In the chapter Beautiful Log Handling, the author states “Today’s growing log standard efforts (such as MITRE’s Common Event Expression or CEE) will lead first to the creation of log standards and ultimately to their adoption.” (Oram & Viega, 2009) In fact, MITRE Corporation, the author’s example, already provides and partners on security efforts such as Malware (MAEC), Attack Patterns (CAPEC) and Vulnerabilities (CVE), among other standards that are partnered with and/or co-sponsored by such agencies as the National Cyber Security Division of the U.S. Department of Homeland Security. (Mitre, 2011) Given the threat of malicious attacks on the part of other countries (in regard to the security of the U.S.), attacks on retail competitors (as an example) and the important data that is stored, how the logs are handled is critical. An example that the author uses is the need to abide by laws such as the Health Insurance Portability and Accountability Act. (HIPAA, 2011)


     It might seem obvious to have log standards that would account for any deviations among items such as the public servers of an organization that are placed in a DMZ so as to separate their Internet presence from their LAN, thereby not compromising the integrity of data within the rest of the organization. Then I began to think about why, in today’s technology world, large companies would have an issue with maintaining proper logs. Using a retail example as the author did in Beautiful Security, I thought of the 2005 merger of Sears Roebuck and Kmart stores. Without having specific knowledge of their issues in combining the data into one source, I am sure that the two of them operated on two very different legacy systems that had issues with converting the data, thereby making accurate logs virtually impossible.

     There is a very large healthcare facility in the town that I live in, with over 100 doctors of various practices. This facility is owned and operated by a larger corporation, which owns other such facilities. They grew this large by acquisition of other practices and similar facilities. There is no doubt that there had to be a major undertaking to have all of the data merged into one system so as to abide by the HIPAA law. I tried to find an example of a major intrusion of a corporation due to improper log information, but that data seemed to be too vague since I wasn’t exactly sure what I was looking for. So, in the case of the local healthcare facility, I am sure that their IT staff is highly trained in the conversion of data and the challenges with keeping accurate logs.

     In any case, world governments and Fortune 100 companies realize the need to rid themselves of the legacy systems of their past and get the data onto one platform so that proper logging can take place, not only to prevent an invasion and abide by certain laws but also to perform due diligence in identifying the culprit of the attack.

References

HIPAA. (2011). Health Information Privacy. 2011, from http://www.hhs.gov/ocr/privacy/

Mitre. (2011). A Standardized Common Event Expression (CEE) for Event Interoperability. 2011, from http://cee.mitre.org/

Oram, A., & Viega, J. (Eds.). (2009). Beautiful Security. O'Reilly Media, Inc.




