Management issues in automated audit analysis
This paper discusses management issues associated with the design and implementation of an automated audit analysis system that we use to detect security events. It gives the viewpoint of a team directly responsible for developing and managing such a system. We use Los Alamos National Laboratory`s Network Anomaly Detection and Intrusion Reporter (NADIR) as a case in point. We examine issues encountered at Los Alamos, detail our solutions to them, and where appropriate suggest general solutions. After providing an introduction to NADIR, we explore four general management issues: cost-benefit questions, privacy considerations, legal issues, and system integrity. Our experiences are of general interest both to security professionals and to anyone who may wish to implement a similar system. While NADIR investigates security events, the methods used and the management issues are potentially applicable to a broad range of complex systems. These include those used to audit credit card transactions, medical care payments, and procurement systems.
- Research Organization:
- Los Alamos National Lab., NM (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-36
- OSTI ID:
- 10129349
- Report Number(s):
- LA-UR-94-592; CONF-9405111-1; ON: DE94007571
- Resource Relation:
- Conference: 16. Department of Energy computer security group training conference,Denver, CO (United States),3-5 May 1994; Other Information: PBD: [1994]
- Country of Publication:
- United States
- Language:
- English
Similar Records
Audit Report, "Fire Protection Deficiencies at Los Alamos National Laboratory"
Audit Report on "Protection of the Department of Energy's Unclassified Sensitive Electronic Information"