Logging - part of a resilient cyber defence
Nobody can prevent security compromises of their IT systems. But with logging it is possible to go back and see what happened.
When you are hit by a cyber attack or suspect that someone has breached your network, you will need good logs. This often proves challenging, however, because you lack the right kind of logs to properly investigate the incident.
CFCS has updated its guidance on logging. The guidance is aimed mainly at the people responsible for logging in larger public and private organisations, which is often the role of a CISO, CIO or director of IT. Smaller organisations may also find inspiration in this guidance for their dialogue with managed service providers or other IT service vendors.
This guidance contains advice on where and what to log on your network. This advice is based on the experience gained from the work of CFCS and private security firms in incident response and network forensics.
Centre for Cybersecurity
November 23, 2021