Logging Considerations

Regardless of how diligent your organization is about monitoring security, the majority of violations will be discovered after they occur. In most cases, administrators will see the evidence of violations without witnessing their occurrence. One method administrators use to review system activity is to examine the logs that systems and major software packages generate. These logs can record everything users do on a system or network, or they can record errors or certain successful accesses, such as administrative users being granted access to systems.

Logging policies are difficult because you cannot write one statement that fits every environment. While it can be impractical to log every ...
