Linda W. Perkins

Managing the Audit Trail: The Foundation for a Legal Offensive (Ghost Written Placed Article)

Larstan Publishing - March 01, 2002

If companies don't take ownership of protecting their data assets and prosecuting those who threaten them, it is very likely that no one else will. That's because, according to industry analysts, "cybercriminals" have little to fear from law enforcement.

A 2001 CSI/FBI study indicates that up to 85 percent of businesses suffer computer security breaches each year, and those breaches, according to another study by Exodus Communications, account for over $200 billion in annual losses. And yet, law enforcement funding for cybercrime investigation in the United States covers only about 300 federal agents - less than 0.1 percent of the 600,000 law enforcement agents serving the United States.

"People and businesses on the Internet must be responsible for their own electronic security, just as they are now largely responsible for the security of their homes [and businesses]. They must watch their transaction records with hawk-like vision," says Gartner Vice President Richard Hunter.

For most transaction-intensive companies, that creates a need for a busy hawk indeed. The problem for most corporations is not the absence of data on potential threats; the strategic challenge lies in developing a way to effectively sort through thousands of pieces of information to create a coherent picture of a company's exposure to credible threats.

"In traditional auditing paradigms, security and systems administrators have to check all of the logs from all of the servers and workstations to find out where and how problems occurred. If an enterprise network is knocked out of commission, this process is extremely time-consuming and can cost hundreds of thousands of dollars per day in system down time and lost productivity," says Umesh Verma, Chief Executive Officer of Blue Lance, Inc., a Houston-based developer of security software for Windows NT and NT/Novell networks.

Unfortunately, IT security managers frequently do not have the time or resources to engage in these kinds of investigations with traditional auditing methodologies.
