Ok, I have recently become the only IT Security person in a large organization (~6000 users). Previously the departments handled security within themselves, but we have been shifting it over to me for auditing, policy implementation, etc.
I have been asking for weeks to get access to the Netware server logs, so I could start pulling together information on failed login attempts, password resets, login/logout etc. Finally, after meeting with the manager of that department I have been told that they don’t have that type of auditing enabled, and won’t enable it because it will be too much for the servers. (Although he isn?t sure if it would be memory, CPU, or storage intensive)
So I have to now pull together a document on why this should be done, and “It’s security best practices” isn’t going to cut it. Does anyone have a resource I could tap for a long list of reasons why this is something we would want?
