>Security can hand a checklist to the admins and say "we need this".
Agreed, but sadly, such per-OS checklists don't exist in one place. In the good old times (mid-1990s) some people maintained them, but this effort is kinda ... not alive now.
Jeff Hall 3:55 AM
Here's my entry. And since it involves log management and analysis, it should be an automagic winner. LOL
A very large retailer decides to reorganize their IT department to be more responsive and reactive. As part of that reorganization, they create a group titled 'Enterprise Monitoring' that is responsible for the care/feeding of the log management and analysis solutions. Centralized personnel that actually do the monitoring are pushed out to the business units where, according to IT management, the actual monitoring belongs.
Everyone at the meeting announcing this decision says that the name, Enterprise Monitoring, needs to be changed because it gives the impression that the group does the monitoring, but they are overruled.
Spin ahead almost a year later to their PCI assessment. The monitoring personnel that were pushed out to the business units were, surprise/surprise, seen as new bodies that could be used for everything BUT monitoring. So, we have great log management and analysis solutions running, but no one has been monitoring anything for almost a year! When asked, the business units point to the Enterprise Monitoring group and say that it is their responsibility because they are 'Enterprise Monitoring'. DUH!