Data Mining for Continuous Monitoring & Compliance Reporting

Presented at ISSA International 2013
9-10 October, 2013 - Nashville, TN

Abstract: don’t control the tools, administrate the devices, or have any privileged access to systems or networks.  No one in operations will return timely reports, configurations, diagrams, or information.  Somehow you’re still responsible for assessing, maintaining, and reporting compliance with government or industry regulations.

Just because you can't get the data you want doesn't mean you don't have the data you need.  We're going to talk about a practical, real-world approach, along with some anecdotes and true stories, to using big data tools like Splunk to harvest and scrutinize data sources to find compliance information you didn't know was there.