|文 档:||Log Management Best Practices|
|标 签||log event compliance|
Log (event) management is the collection, analysis (real-time or historical), storage and management of logs from a range of sources across the enterprise. It is the foundation for comprehensive security information and event management (SIEM). Organizations which develop best practices in log management will get timely analysis of their security profile for security operations, ensure that logs are kept in sufficient detail for the appropriate period of time to meet audit and compliance requirements, and have reliable evidence for use in investigations.
Businesses face a number of challenges that make best practices in log management an increasingly important part of an overall enterprise IT security strategy. These include the need to control the vast amounts of data being generated by more and more systems, the increased requirements of today's regulated environment and a new breed of more advanced attacks.
By establishing best practices in log management, information executives can bring tremendous value to their organization by avoiding costs and increasing efficiencies in areas such as compliance, risk management, legal, forensics, storage and operations. Best practices in log management should be based on the requirements of applicable regulations and standards, guidance from legal counsel, business and operational objectives, and risk analysis.
Although best practices should be developed by each individual organization based on their particular environment, there are some general best practices which can be universally applied. This paper is intended to help organizations develop their own comprehensive set of best practices by providing a set of 40 recommended best practices covering logging policies, procedures and technology; log generation and capture; log retention and storage; log analysis; and log security and protection.