Be a Good Security Analyst

How deep is your <a href="http://www.it.ufl.edu/policies/security/uf-it-sec-incident-response.html">incident and response tracking</a>? There are a number of ways to track and log incidents. I recommend keeping copies of any relevant logs in an incident entry notebook. Every virus detection goes into this incident database, including malware incident details and usually the website access logs within the context of the antivirus incident.

A daily review of website access logs often helps too, as does generating incidents from an IPS log. All of this logging can be tedious, and requires a certain amount of investigation, but it helps. You'll also notice patterns start to arise, and you'll catch on to things you wouldn't have otherwise noticed. If all else fails, your memory banks will fill with useful analysis, and might help you spot an incident down the road.
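One way to build the kind of incident entry described above, shown as an added example and not code from the original post: it takes an antivirus detection and copies the same host's website access log lines from around the detection time into the entry. The log layout, field names, addresses and signature name are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data. The layout (time, client IP, method, URL, status)
# is an assumption for this example, not a format taken from the article.
ACCESS_LOG = """\
2024-03-05T13:40:02 10.0.0.23 GET http://intranet.example/home 200
2024-03-05T13:58:41 10.0.0.23 GET http://ads.example/banner.js 200
2024-03-05T13:58:44 10.0.0.23 GET http://files.example/update.exe 200
2024-03-05T13:59:10 10.0.0.57 GET http://news.example/ 200
2024-03-05T14:01:30 10.0.0.23 GET http://files.example/ping 404
2024-03-05T14:30:00 10.0.0.23 GET http://intranet.example/mail 200
"""

AV_DETECTION = {  # constructed antivirus alert
    "time": "2024-03-05T14:00:05",
    "host_ip": "10.0.0.23",
    "signature": "Example.Trojan.Generic",
    "file": "update.exe",
}

def parse_access_line(line):
    """Split one access-log line into a dict, or return None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return {"time": when, "client": parts[1], "raw": line}

def build_incident(detection, log_text, before_min=15, after_min=5):
    """Return an incident entry holding the alert plus the verbatim access-log
    lines from the same host inside the window around the detection."""
    t0 = datetime.fromisoformat(detection["time"])
    start = t0 - timedelta(minutes=before_min)
    end = t0 + timedelta(minutes=after_min)
    parsed = [e for e in map(parse_access_line, log_text.splitlines()) if e]
    context = [e["raw"] for e in parsed
               if e["client"] == detection["host_ip"] and start <= e["time"] <= end]
    return {"type": "antivirus", "detection": detection,
            "window": [start.isoformat(), end.isoformat()],
            "access_log_context": context}

if __name__ == "__main__":
    print(json.dumps(build_incident(AV_DETECTION, ACCESS_LOG), indent=2))
```

Keeping the raw lines, not a summary of them, lets a later review of the entry spot patterns that were not obvious when the incident was logged.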

Being a good security analyst is not about satisfying a checklist or an audit. It's just about having detailed records so that those records can go to work for your computer protection. There are a number of products worth using to manage your data. But I've heard good things from security analysts about SharePoint. It might be worth a look.