I wish to inform the CEE community about a very successful
security audit logging standards effort in Healthcare. The main motivation is
to create a link with the CEE community and the healthcare community. This link
should be a positive link for both of us. Let me explain.
We have defined an audit event description schema as well as
an informative list of security relevant events. We continue to try to utilize general
IT standards to transmit our events into general IT audit repositories. In this
a) Healthcare applications can focus on doing things with
clinical data, and not spend time analyzing audit trails
b) Applications that specialize in analyzing audit trails
can focus on this analysis
We are very interested in the efforts of CEE as it is the
side of security audit logging that we are not interested in developing but are
very reliant on.
This effort has been organized by a profiling organization: Integrating
the Healthcare Enterprise (IHE). www.ihe.net.
The standards we focus on:
·Security Audit and
Access Accountability Message XML Data Definitions for Healthcare Applications
oThis is currently being moved into ISO through TC 215 as (ISO/WD 27789)
· We have tried to use
Reliable-Syslog, but have so far been forced to use BSD-Syslog. We are in the
process of recognizing syslog-protocol family.
Our biggest problem has been that our security audit logging message is
large because it is XML but also because it is fully self describing. Meaning
that each event fully explains all the attributes of the event, meaning that it
is unnecessary to correlate messages with previous messages like login, or
subject selected, etc… We have worked with the syslog-protocol community
to raise the MTU size, it is still smaller than we sometimes need.
I would be happy to answer any questions the group has on this topic.
Principal Engineer: Interoperability and Security