I was thinking about logs the other day :-)
And the following thought occurred to me: Logs = accountability.
So, what is accountability, really? Wikipedia defines it as "Accountability is a concept in ethics with several meanings. It is often used synonymously with such concepts as answerability, enforcement, responsibility, blameworthiness, liability and other terms associated with the expectation of account-giving."
Yes, there are many other mechanisms of accountability in an organization, but logs are the one that pervades all IT. And if you IT is not accountable, your business is neither. Thus, if you tend to not be serious about logs, be aware that you are not serious about accountability. Is that the message your organization wants to be sending?
Ignoring logs is not just stupid (due to losing that important resources for troubleshooting and security), it is not only illegal (due to various regulations), but it is also unethical! :-)
UPDATE: OMG, how can I miss it when writing this post. Dan Geer's classic testimony before "Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology" succinctly states: "Priority number five: Accountability, not access control." He then explains how accountability and monitoring succeed and shine when access control and restrictions fail.
No comments:
Post a Comment