Logging is the only way you can determine what is happening on your network. When something goes wrong, such as unauthorized network access or unacceptable use by an employee, the logs are what show the trail of these events.
The following list is a set of items that should be reviewed when performing a security audit of your logging effectiveness.
- Is auditing enabled for security events such as logon events, object access, policy change, process tracking and system events?
- Are log sizes set to meet or exceed organizational standards and ensure that the size of the log files will enable administrators to review sufficient log history in a security incident?
- Are the log files retained or archived in a manner that will allow for retrieval and review following a security event?
- Are log files protected in a manner that aids in preserving their integrity, such as remote logging or frequent archival?
- Are the log files reviewed on a frequent basis to detect security incidents?
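The first four items above can be checked read-only on a single Windows host, because the event categories listed (logon, object access, policy change, process tracking, system) are the Windows audit policy categories. The script below is an added example, not part of the original page: the specific audit subcategories it looks for, the 1 GB minimum for the Security log, and the Event Forwarding registry path used as evidence of remote logging are this example's assumptions. The fifth item (frequency of review) is a procedural control and cannot be verified from the host itself, so the script only reports what it can measure. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original page): read-only audit of the logging checklist
# on one Windows host. Thresholds and the WEF registry path are assumptions of this script.

$MinLogBytes = 1GB   # assumed organizational minimum size for the Security log
$findings    = @()

# 1. Auditing enabled for security events?
#    auditpol prints subcategory lines as "  <Name>   <Setting>"; the parse assumes English output.
$wantedSubcategories = @(
    'Logon', 'Logoff',                 # logon events
    'File System', 'Registry',         # object access
    'Audit Policy Change',             # policy change
    'Process Creation',                # process tracking
    'Security State Change'            # system events
)
$auditpol = auditpol /get /category:* 2>$null
foreach ($sub in $wantedSubcategories) {
    $line = $auditpol | Where-Object { $_ -match "^\s+$([regex]::Escape($sub))\s{2,}" } | Select-Object -First 1
    if (-not $line -or $line -notmatch 'Success and Failure') {
        $findings += "Audit subcategory '$sub' is not set to 'Success and Failure' (current: '$($line -replace '^\s+','')')"
    }
}

# 2. Log size large enough to hold useful history?
$sec = Get-WinEvent -ListLog Security
if ($sec.MaximumSizeInBytes -lt $MinLogBytes) {
    $findings += "Security log maximum size is $([math]::Round($sec.MaximumSizeInBytes / 1MB)) MB, below the assumed minimum of $($MinLogBytes / 1MB) MB"
}
# Measure the history window actually present: age of the oldest retained event.
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue
if ($oldest) {
    $days = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
    Write-Host "Security log currently holds $($sec.RecordCount) records covering $days day(s)"
}

# 3. Retention / archival: 'Circular' overwrites the oldest events once the log is full,
#    so without forwarding there is nothing to retrieve after a long-running incident.
if ($sec.LogMode -eq 'Circular') {
    $findings += "Security log mode is Circular; full logs are overwritten rather than archived (LogMode AutoBackup or remote forwarding would preserve them)"
}

# 4. Integrity protection via remote logging: presence of a Windows Event Forwarding
#    subscription manager policy is used here as the evidence (assumed indicator).
$wefKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
if (-not (Test-Path $wefKey)) {
    $findings += "No Windows Event Forwarding subscription manager is configured; logs exist only on this host and can be altered or deleted locally"
}

# 5. Frequency of review cannot be measured from the host; it is a process control to verify separately.

if ($findings.Count -eq 0) {
    Write-Host 'All host-checkable logging items pass.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Each finding maps back to one checklist item, so the output can be pasted directly into the audit record. Where a setting is managed by Group Policy, fix it in the policy rather than on the host, or the next policy refresh will undo the change.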