Log events in an audit logging program should at minimum include:

In the context of MSSEI, logs are composed of event entries, each of which captures information related to a specific event that has occurred affecting a covered device. In some cases, an effective audit logging program can be the difference between a low-impact security incident that is detected before covered data is stolen and a severe data breach in which attackers download large volumes of covered data over a prolonged period of time.

Logs are also useful for establishing baselines, identifying operational trends, and supporting the organization's internal investigations, including audit and forensic analysis. Regular log collection is critical to understanding the nature of security incidents during an active investigation and post-mortem analysis. Without appropriate audit logging, an attacker's activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive.

Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.