[haser_au]

Can only speak about my corner of a very large organisation;

- Technical debt of custom coded solutions is a known issue across our organisation. New strategy is to move to market solutions, therefore outsourcing the risk to organisations with (hopefully) better code management than we have. For my corner, we don't have technical debt measured accurately enough for my liking.

- Yes, we pay for an use centralised logging. We've actually been through two solutions, and are now moving to a third due to various factors (cost, integrations, speed, out-of-the-box metrics). Integration into the centralised logging system is part of our Request for Tender marking criteria.

- Relatively good at disabling access after someone leaves. We integrate as much as possible to a central repository. It's just the outliers that tend to last beyond someone in the organisation. Critical systems are absolutely shutdown within 24 hours of a leaver departing (usually immediately if they're a bad leaver).

Edit: Formatting

[BuuQu9hu]

> (hopefully)

I hope you are auditing the code of those external orgs.

[haser_au]

When you use SaaS products, auditing the code is not a service they offer. You have to rely on certifications from independent certifying organisations, etc.

[riprowan]

Part of the goal is to establish an arms length relationship to lower legal liability.

[tptacek]

Which logging systems did you like/not like?

[haser_au]

Alientvault: Ok...we probably didn't get full potential here HP ArcSight: Extremely powerful, especially the normalizing of logs across similar system. Requires a team to manage though. Splunk: Our business isn't ready for cloud based hosting of centralised logs. Otherwise, we'd be on this already. From my perspective, purely from a reduction in complexity to pull useful information (not just Security).