Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Auditing requirements

Auditing requirements

From: King, Gregory <cxz9_at_cdc.gov>
Date: Wed, 2 Mar 2005 18:41:55 -0500

Hello and good day to all...

I currently work in the Federal section performing IT security, which we all know because of FISMA requirements all Federal agencies are now required to perform security assessments in accordance with (IAW) NIST 800-26 and blah blah...The biggest issue thus far complying to the standards illustrated in the SP is that auditing is too cumbersome to enable at the database level due to performance concerns. Can someone better justify why auditing should not be turned on at the database level other than a decrease in performance? What are the some of the factors I should key on besides that it is a requirement and a recommended security control mechanism?

Regards,
 
Gregory A. King Sr.
KMT Security Lead
Strategic National Stockpile
Office: 404-687-6591
Mobile: 678-296-6256
eMail: cxz9_at_cdc.gov
 
Received on Mar 03 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos