tailieunhanh - IT Audit for the Virtual Environment: A SANS Whitepaper – September 2009

The Bureau conducts participatory gender audits within the offi ce and among its constituents. Gender audits provide a rigorous and collective self-assessment of progress and gaps in institutionalizing gender mainstreaming – within the ILO or national institutions – and develops recommendations on how to enhance the process. Through technical cooperation, the Bureau works to strengthen the gender mainstreaming capacity of ILO constituents at country level and offers targeted support. The Bureau also coordinates knowledge sharing initiatives on gender equality and publishes an electronic newsletter, the ILO Gender News. The Bureau coordinates the ILO Gender Network and also acts as. | Sponsored by VMware IT Audit for the Virtual Environment A SANS Whitepaper - September 2009 Written by J. Michael Butler and Rob Vandenbrink Introduction It All Boils Down to PII Similarities and Differences Practical Applications Introduction It All Boils Down to PII Industry requirements government agency directives and federal and state disclosure laws starting with California s SB1386 have one goal in common Protect personal and private information. It really doesn t matter whether we are talking about credit card information bank account numbers social security numbers health data or insurance information. In fact instead of personal information some organizations are focused on protecting utility infrastructures such as power plants telecommunications or gas lines. Although the information requiring protection in such a case is not personal the same security and audit principles still apply. So to achieve compliance IT groups check policies and procedures against rules regulations and directives. They follow best practices and build defense-in-depth. IT auditors SAS70 auditors and PCI QSAs Qualified Security Assessor meet with the operations teams whose responses show that they are indeed compliant. .that is until we start talking about virtualization. In this realm auditors are usually at a loss. Virtualization is gaining popularity because of its promise of increased return on investment ROI by reducing the data center footprint and power requirements. Gartner estimates that more than four million virtual servers will be deployed by 2009 and that number will grow to 660 million by According to a recent SANS Log Management Survey of more than 700 IT professionals 49 percent of respondents are currently collecting log data from virtual machines and 68 percent of those predict that in 2010 nearly 70 percent of their logs will come from virtual As organizations move ahead with their virtualization programs they need to understand the security