We have a bunch of hospital, clinic, and otherwise HIPAA-beholden customers. Hopefully some will come visit and chime in. I can speak of the broader experience of LEM in these environments, but sometimes there's nothing like the firsthand story in the "tales from the trenches" style.
This is the only LEM virtual or otherwise user space/group that I know of. There might be other general SIEM spaces in various places, but it still seems to be little product-specific camps except at places like the SANS Log Management conference where people are more encouraged to knowledge share across products.
One way I've seen this go is to organize meetups around popular conferences that people are likely to attend. The other way is a "real" user group - you'd think if there were enough people to create some more niche user groups that exist these days, there should be enough users to create a SIEM/Log Management User Group, even if it wasn't LEM-specific.
Thanks for the reply.
I'll keep lurking!
I am a newbie to Health Care and to HIPAA Compliance. My previous experience has been as a Network Systems Administrator. At the moment I could use good information on how often HIPAA-related reports should be run and which reports should be run from the Log and Event Manager to track HIPAA-related network events. Anybody out there know any good resources?
Andrew, we're using LEM for log file analysis to comply with these components of the Security Rule:
- Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. (164.308(a)(1)(ii)(D))
- Log-in monitoring (Addressable). Procedures for monitoring log-in attempts and reporting discrepancies. (164.308(a)(5)(i)(C))
- Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. (164.312(b))
I'd be interested in knowing how you've incorporated LEM into your daily security operations.