This guy lists 12 steps in his article on how to approach a security program. I did not read all twelve steps, but I found the one that is of interest to me: “Step 8: Log reporting”. I started reading the paragraph and, well, you bet, I have some comments:
“Management should know where the users are going, what type of bandwidth is being used, and who is hacking into your sites.”
Do you really believe that management is interested in where every user is going and what type of bandwidth they are using? I think they have better things to do. What about defining a policy that clearly states what employees are allowed to do, which sites are off limits and which applications are prohibited (such as file sharing)? Then you monitor the traffic and figure out who is in violation of that policy. That is the report that I, as a manager, would be interested in. I don’t have the time to interpret log files or raw reports and work out what happened. Have the machines do the work for me and give me the distilled information!
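To make the “policy first, then report only the violations” idea concrete, here is an added example (mine, not code from the original post or from the article being discussed). It assumes a hypothetical acceptable-use policy expressed as data (blocked domains and prohibited application labels), a constructed Squid-style proxy log with an application label in the last column, and distils it into a per-user list of violations; everything else in the log is dropped, which is the point.

```python
"""Policy-violation report over proxy log lines (added example, constructed data)."""
import re
from collections import defaultdict

# Hypothetical acceptable-use policy as data (assumption, not the article's own
# policy): sites that are off limits and application categories that are prohibited.
POLICY = {
    "blocked_domains": {"filesharing.example", "casino.example"},
    "prohibited_apps": {"bittorrent", "p2p"},
}

# Constructed sample log lines in a Squid-like layout:
#   timestamp user client_ip method url status app_label
# The 403 line is a request the proxy already blocked; it is still an attempted
# violation and is reported as such.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 10.0.0.5 GET http://intranet.example/home 200 web
2024-03-01T09:01:12 bob 10.0.0.7 GET http://filesharing.example/dl/movie 200 web
2024-03-01T09:02:30 bob 10.0.0.7 CONNECT tracker.example:6881 200 bittorrent
2024-03-01T09:03:45 carol 10.0.0.9 GET https://news.example/article 200 web
2024-03-01T09:04:00 alice 10.0.0.5 GET http://casino.example/play 403 web
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<ip>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<app>\S+)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def host_of(url):
    """Extract the lowercase hostname from a URL or a host:port string."""
    host = re.sub(r"^[a-z]+://", "", url)   # drop scheme, if any
    host = host.split("/", 1)[0]            # drop path
    return host.split(":", 1)[0].lower()    # drop port


def check_policy(record, policy=POLICY):
    """Return the list of policy violations (reasons) for a single parsed record."""
    reasons = []
    host = host_of(record["url"])
    for dom in policy["blocked_domains"]:
        # exact match or any subdomain of a blocked domain
        if host == dom or host.endswith("." + dom):
            reasons.append(f"blocked site {dom}")
            break
    if record["app"].lower() in policy["prohibited_apps"]:
        reasons.append(f"prohibited application {record['app']}")
    return reasons


def violation_report(log_text, policy=POLICY):
    """Distil the whole log into {user: [(timestamp, reason), ...]}, violators only."""
    report = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # skip malformed lines rather than crash the report
        for reason in check_policy(rec, policy):
            report[rec["user"]].append((rec["ts"], reason))
    return dict(report)


def format_report(report):
    """Render the distilled report as the short text a manager would actually read."""
    lines = []
    for user in sorted(report):
        lines.append(f"{user}: {len(report[user])} violation(s)")
        for ts, reason in report[user]:
            lines.append(f"  {ts}  {reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(violation_report(SAMPLE_LOG)))
```

Run as-is it reports only alice and bob; carol's normal browsing never reaches the manager. In a real deployment the application label would come from the proxy's own classification or from a separate flow classifier, and the policy would be loaded from a file rather than hard-coded.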