References

Download as PDFDownload as PDF

Information and Guidelines on Logfiles

LINX Best Current Practice – Traceability: https://www.linx.net/good/bcp/traceability-bcp-v1_0.html

Information Commissioner’s Employee Monitoring code: http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/employment_practices_code.pdf

NIST Guide to Computer Security Log Management: http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

Data Retention

LINX Best Current Practice – Traceability: https://www.linx.net/good/bcp/traceability-bcp-v1_0.html

Data Protection Act 1998: http://www.legislation.gov.uk/ukpga/1998/29/contents

Directive 2002/58/EC on Privacy and Electronic Communications: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML

Data Retention (EC Directive) Regulations 2009 (covers public networks only): http://www.legislation.gov.uk/uksi/2009/859/contents/made

Access to Data

LINX Best Current Practice – User Privacy: https://www.linx.net/good/bcp/privacy-bcp-v1_0.html

Regulation of Investigatory Powers Act 2000 (RIPA) Text of the Act: http://www.legislation.gov.uk/ukpga/2000/23/contents

The Regulation of Investigatory Powers (Communications Data) Order 2003 (Statutory Instrument 2003 No. 3172): http://www.legislation.gov.uk/uksi/2003/3172/contents/made

Codes of Practice and forms for law enforcement use of RIPA communications data access powers: http://www.homeoffice.gov.uk/counter-terrorism/regulation-investigatory-powers/ripacodes-of-practice/

Police and Criminal Evidence Act 1984: http://www.legislation.gov.uk/ukpga/1984/60/contents

Norwich Pharmacal Orders: http://www.burges-salmon.com/Practices/commercial/Intellectual%20Property/Publications/Know_Your_Enemy_Norwich_Pharmacal_orders.pdf

Analysing and Processing Logfiles

SANS whitepapers on creating and interpreting logfiles: http://www.sans.org/reading_room/whitepapers/logging/

Comments