It might seem obvious to have log standards that would account for any deviations among items such as an organization's public servers that are placed in a DMZ so as to separate their Internet presence from the LAN, thereby not compromising the integrity of data within the rest of the organization. Then I began to think about why, in today's technology world, large companies would have an issue with maintaining proper logs. Using a retail example as the author did in Beautiful Security, I thought of the 2005 merger of Sears Roebuck and Kmart stores. Without having specific knowledge of their issues in combining the data into one source, I am sure that both of them operated on two very different legacy systems that had issues with converting the data, thereby making accurate logs virtually impossible.
There is a very large healthcare facility in the town that I live in, with over 100 doctors of various practices. This facility is owned and operated by a larger corporation, which owns other such facilities. They grew this large by acquisition of other practices and similar facilities. There is no doubt that there had to be a major undertaking to have all of the data merged into one system so as to abide by the HIPAA law. I tried to find an example of a major intrusion at a corporation due to improper log information, but that data seemed to be too vague, since I wasn't exactly sure what I was looking for. So, in the case of the local healthcare facility, I am sure that their IT staff is highly trained in the conversion of data and the challenges of keeping accurate logs.
In any case, world governments and Fortune 100 companies realize the need to rid themselves of the legacy systems of their past and get the data onto one platform so that proper logging can take place, not only to prevent an intrusion and abide by certain laws, but also to perform due diligence in identifying the culprit of an attack.
HIPAA. (2011). Health Information Privacy. Retrieved 2011, from http://www.hhs.gov/ocr/privacy/
Mitre. (2011). A Standardized Common Event Expression (CEE) for Event Interoperability. Retrieved 2011, from http://cee.mitre.org/
Oram, A., & Viega, J. (Eds.). (2009). Beautiful Security. O'Reilly Media, Inc.