Document: Log Management Best Practices
Language: Foreign language
Tags: log event compliance
Introduction:

Log (event) management is the collection, analysis (real-time or historical), storage and management of logs from a range of sources across the enterprise. It is the foundation for comprehensive security information and event management (SIEM). Organizations which develop best practices in log management will get timely analysis of their security profile for security operations, ensure that logs are kept in sufficient detail for the appropriate period of time to meet audit and compliance requirements, and have reliable evidence for use in investigations.

Businesses face a number of challenges that make best practices in log management an increasingly important part of an overall enterprise IT security strategy. These include the need to control the vast amounts of data being generated by more and more systems, the increased requirements of today's regulated environment and a new breed of more advanced attacks.

By establishing best practices in log management, information executives can bring tremendous value to their organization by avoiding costs and increasing efficiencies in areas such as compliance, risk management, legal, forensics, storage and operations. Best practices in log management should be based on the requirements of applicable regulations and standards, guidance from legal counsel, business and operational objectives, and risk analysis.

Although each organization should develop its own best practices based on its particular environment, there are some general best practices that can be applied universally. This paper is intended to help organizations develop their own comprehensive set of best practices by providing 40 recommended best practices covering logging policies, procedures and technology; log generation and capture; log retention and storage; log analysis; and log security and protection.

  • Definition of Log (Event) Management
  • Why do Logs Matter for Security and Compliance?
  • Challenges Addressed by Log Management
  • The Business Value of Best Practices in Log Management
  • Inputs Into Your Organization's Best Practices
  • Recommended Best Practices
    • I. Logging Policies, Procedures and Technology (LP)
    • II. Log Generation and Capture (LG)
    • III. Log Retention and Storage (LR)
    • IV. Log Analysis (LA)
    • V. Log Security and Protection (LS)
  • Conclusion
  • Solutions for Implementing Best Practices
  • Appendices
    • Appendix 1—Sources and Contents of Logs
    • Appendix 2—Compliance Requirements for Log Management