Event data


Event data is a synonym for audit trail. Modern software applications and IT infrastructure have adopted the term event data in place of audit trail. Events are typically recorded in logs, and there is no standard format for event data.

Examples of this newer term being used to describe audit trails are becoming more common, and the term is cited in the documentation of the Microsoft Event Viewer, which provides visibility into events in the following logs: Application log, Security log, System log, Directory Service log, File Replication Service log and DNS Server log. [http://technet2.microsoft.com/WindowsServer/f/?en/library/0cc21369-d815-40ad-8325-97e3762107b91033.mspx]


Event data records are created whenever some sort of transaction occurs. They are generated at an extremely granular level by business applications, IT infrastructure and security systems. Almost any record that is created to document a transaction and carries a timestamp meets the definition of event data.

The contents of individual event data records are extremely crude and often meaningless unless they are correlated with other event data records.

Examples of business applications include SAP, Oracle, IIS and thousands of others.

Examples of IT infrastructure include servers, internetworking devices manufactured by Cisco and others, telecommunication switches, SANs and message queues between systems.

Examples of security systems range from authentication systems such as LDAP and RACF to IDS applications and other security systems.

A typical organization will have hundreds of sources of event records.

A single business transaction, such as withdrawing cash from an automated teller machine (ATM) or a customer placing an order, will generate several hundred event data records spread across dozens of federated log files. It is not uncommon for organizations to generate terabytes of event data every day.

Retaining event data records and being able to inspect them quickly has become a necessity for detecting suspicious activity, insider threats and other security breaches.
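As an added illustration (not part of the original article), the following Python code normalizes constructed records from three hypothetical sources (an LDAP-style authentication log, an ATM application log and a web server log) into a common schema and correlates them by actor within a time window, so that a withdrawal with no matching successful authentication stands out even though each record on its own says nothing. The log formats, field names and sample values are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records from three hypothetical sources around one ATM
# withdrawal; the formats are illustrative, not any vendor's real layout.
RAW_LOGS = [
    ("auth", "2024-03-01T09:15:02Z ldap-auth user=card4421 result=SUCCESS"),
    ("app",  "2024-03-01 09:15:03 ATM-APP WITHDRAW acct=card4421 amount=200"),
    ("web",  "2024-03-01 09:15:04 GET /receipt?card=card4421 200"),
    ("auth", "2024-03-01T09:15:40Z ldap-auth user=card9001 result=FAILURE"),
    ("app",  "2024-03-01 11:02:10 ATM-APP WITHDRAW acct=card4421 amount=50"),
]

# One regex and timestamp format per source; group 1 is always the timestamp.
PATTERNS = {
    "auth": (r"(\S+) ldap-auth user=(?P<actor>\S+) result=(?P<action>\S+)", "%Y-%m-%dT%H:%M:%SZ"),
    "app":  (r"(\S+ \S+) ATM-APP (?P<action>\S+) acct=(?P<actor>\S+)", "%Y-%m-%d %H:%M:%S"),
    "web":  (r"(\S+ \S+) (?P<action>\S+) \S+\?card=(?P<actor>\S+)", "%Y-%m-%d %H:%M:%S"),
}

def parse(src, line):
    """Normalize one raw record into a common event schema."""
    regex, fmt = PATTERNS[src]
    m = re.match(regex, line)
    return {"ts": datetime.strptime(m.group(1), fmt), "src": src,
            "actor": m.group("actor"), "action": m.group("action")}

def correlate(raw, window=timedelta(seconds=30)):
    """Group time-ordered events per actor: an event joins the actor's
    latest group if it falls within `window` of that group's last event."""
    events = sorted((parse(s, l) for s, l in raw), key=lambda e: e["ts"])
    groups, by_actor = [], {}
    for e in events:
        g = by_actor.get(e["actor"])
        if g and e["ts"] - g[-1]["ts"] <= window:
            g.append(e)
        else:
            g = [e]
            groups.append(g)
            by_actor[e["actor"]] = g
    return groups

def without_auth(groups):
    """Withdrawals whose group holds no successful auth event: the app record
    alone is meaningless, the absent correlated auth record is the signal."""
    return [g for g in groups
            if any(e["action"] == "WITHDRAW" for e in g)
            and not any(e["src"] == "auth" and e["action"] == "SUCCESS" for e in g)]
```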

Regulatory compliance implications

Since the passage of the Sarbanes-Oxley Act of 2002 and other regulatory compliance mandates, retention of event data has become mandatory for passing audits. [http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.2.aspx]

EU Data Retention Directive implications

New anti-terrorism legislation such as the EU Data Retention Directive, which the European Union says is necessary to help fight terrorism and organized crime, was passed by justice ministers in Brussels in 2006. Internet service providers and fixed-line and mobile operators will now be required to keep details of their customers' communications for up to two years.

Information including the date, destination and duration of communications will be stored and made available to law enforcement authorities for between six and 24 months, although the content of such communications will not be recorded. Service providers will have to bear the costs of the storage themselves.

EU countries will now have until August 2007 to implement the directive, which was initially proposed after the Madrid train bombings in 2004. [http://www.ispai.ie/DR%20as%20published%20OJ%2013-04-06.pdf]

Wikimedia Foundation. 2010.
