- Event data
Event data is a synonym to an
audit trail. Modern computer software applications and IT infrastructure have adopted the term event data over audit trail. Events are typically recorded in logs and there is no standard for the format of event type data.
Examples of the use of this new term to describe audit trails are becoming more common and the term is cited in the documentation of the Microsoft Event Viewer which provides visibility into events in the following logs: Application log, security log, System log, Directory service log, File Replication service log and
DNS serverlog. [http://technet2.microsoft.com/WindowsServer/f/?en/library/0cc21369-d815-40ad-8325-97e3762107b91033.mspx]
Event data records are created whenever some sort of transaction occurs. Event data records are generated at an extremely granular level by business applications, IT infrastructure, and security systems. Almost any type of record that is created to record a transaction and affixed with a
timestampmeets the definition of an event data.
The contents of event data records are extremely crude and often meaningless unless correlated with other event data records.
Examples of IT infrastructure includes servers, internetworking devices manufactured by
Ciscoand others, telecommunication switches, a SANand message queues between systems.
Examples of security systems range from authentication applications including LDAP and
RACFas well as IDSapplications and other security systems.
A typical organization will have hundreds of sources of event records.
A single business transaction such as withdrawing cash from an
Automated teller machine(ATM) or a customer placing an order will generate several hundred event data records in dozens of federated log files. It is not uncommon for organizations to generate terabytesof event data every day.
The retention and ability to quickly inspect event data records has become a necessity for the purposes of detecting suspicious activity, insider threats and other security breaches.
Regulatory compliance implications
Since the passage of the
Sarbanes-Oxley Act of 2002and other regulatory compliance mandates, the requirement for retention of event data has become mandatory for passing audits. [http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.2.aspx]
EU Data Retention Directive implications
New legislation tied to combat terrorism such as The EU Data Retention Directive legislation, which the
European Unionsays is necessary to help fight terrorism and organized crime, was passed by justice ministers in Brussels 2006. Internet service providers and fixed-line and mobile operators will now be forced to keep details of their customers' communications for up to two years.
Information including the date, destination and duration of communications will be stored and made available to law enforcement authorities for between six and 24 months, although the content of such communications will not be recorded. Service providers will have to bear the costs of the storage themselves.
EU countries will now have until August 2007 to implement the directive, which was initially proposed after the Madrid train bombings in 2004. [http://www.ispai.ie/DR%20as%20published%20OJ%2013-04-06.pdf]
Wikimedia Foundation. 2010.