This investigation report outlines the importance of logging in IT systems as a key element in IT security incident analysis. Often, the CFCS is forced to discontinue its investigations due to the victims’ inadequate logging. This guide is mainly intended for IT executives and IT technicians.

 

Summary

  • Insufficient logging in IT systems is a major issue, as it hinders efforts to thoroughly investigate and counter cyber attacks.
  • In 2020, the Centre for Cyber Security (CFCS) investigated an incident involving an attack against a Danish authority by a state-sponsored hacker group. This incident serves to illustrate that sufficient logging is a key element in post-incident reviews and clean-ups.
  • In at least 75 per cent of the Centre’s total operational cases, the investigation of cyber incidents is hampered by lack of or insufficient logging.
    The CFCS also assesses that lack of or insufficient logging hinders the efforts of numerous private security companies to fight cyber criminals.
  • Logging is crucial in cyber incident investigations, although there are many other reasons why logging should be an integral part of organization practices.
  • Author

    Centre for Cybersecurity

  • Release Date

    October 21, 2021

Download publication