Tip Tuesday: Cultivate Good Logging Habits

Keeping your data safe doesn’t always have to be complicated or expensive! The following are some basic tips that can help immediately improve your security posture with minimum effort, all pulled directly from the Center for Internet Security (CIS) Controls (https://www.cisecurity.org/controls). These controls are a great resource for anyone interested in establishing a security baseline or learning about areas of improvement for their organization.

Cultivate Good Logging Habits

While it’s true that auditing and log review often falls within the scope of an organization’s security team, if you are a data owner, it may also be your responsibility to review your own logs to ensure that certain accesses and permissions continue to remain appropriate. From a networking perspective, the logs generated by a company’s infrastructure devices can help system administrators and network engineers to determine the cause of service interruptions or other adverse system events. On the software side, ensuring that developers build comprehensive logging capabilities into the applications they create is critical, particularly in the event of a suspected attack or other security incident. From a security standpoint, without solid audit logs an attack or issue may go unnoticed for days, months, or even years, and the damages done may be irreversible.

To prevent this, follow these basic logging best practices:

  • Have Data – Ensure that logging has been enabled on all systems, applications, and networking devices as appropriate.
  • Capture the Details – Enable logging mechanisms to include detailed information such as an event source, date, user, timestamp, activity, etc.
  • Make Room – Ensure that all systems that store logs have adequate storage space for the logs generated.
  • Review! – Review logs regularly to identify anomalies or abnormal events.

Leave a Reply

Your email address will not be published. Required fields are marked *