Auditing and logging policy
February 8, 2018
Auditing and logging are essential measures for protecting mission-critical systems and troubleshooting problems. This policy outlines the appropriate auditing and logging procedures for computer systems, networks, and devices that store or transport critical data.
From the policy:
Many computer systems, network devices, and other technological hardware used in the enterprise can audit and log various activities. These activities include network traffic, internet access, creating or deleting users, adding users to groups, changing file permissions, transferring files, opening the case, powering off, deleting system logs, and anything else a user, administrator, or the system itself might do.
Auditing and logging make up the first line of defense for ensuring system and environmental integrity and troubleshooting problems in a mission-critical environment. Whether an administrator makes a mistake, a hardware component fails, a hacker breaches a system, an inordinate amount of network bandwidth is being consumed, or a user attempts to gain unauthorized access to a database, audit logs will help pinpoint what happened and how to resolve the issue.
Collecting events in log files is only half the goal. Establishing a framework for monitoring and reviewing events is the other half, so that day-to-day administration, critical issues, and security-related incidents can be handled appropriately. Therefore, following a set of guidelines to implement and administer effective auditing and logging is a critical task for any IT department.
This policy provides guidelines for the appropriate use of auditing and logging in computer systems, networks, and other devices that store or transport critical and/or security-sensitive data. It includes methods for securing logs and interpreting the resulting data to make the best use of it.
All full-time and part-time employees, consultants, contractors, and other personnel responsible for administering systems, networks, and other devices with auditing/logging capability are covered by this policy.