From the course: Performing a Technical Security Audit and Assessment

Conduct log reviews

- [Instructor] All systems should have audit logs enabled to provide historical records of system activities. The purpose of log reviews is to assess whether systems adequately log crucial security events, and if the organization follows its logging policies and standards. Here's an example log review. Compare the organization's written logging policies and standards with their system audit logs and configuration settings. This comparison will verify whether logging is happening as required. For instance, if an organization requires logging successful and failed authentication attempts but a system logs only successful attempts, this would be noted as a finding by the assessor. Log reviews can reveal system configuration issues or evidence of unauthorized activity. A well-known example of log reviews exposing unauthorized activity is detailed in the book, "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" by Cliff Stoll, where systematic log reviews help trace a…
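
The policy-versus-configuration comparison described in the transcript, as an added example that is not part of the course material. It assumes a Windows host whose audit settings were exported with `auditpol /get /category:*`; the `REQUIRED` policy table and the sample export are constructed for illustration.

```python
import re

# Constructed policy: subcategory -> outcomes the written standard requires logged.
REQUIRED = {
    "Logon": {"Success", "Failure"},
    "Credential Validation": {"Success", "Failure"},
    "User Account Management": {"Success"},
}

# Constructed sample in the layout printed by `auditpol /get /category:*`.
SAMPLE_AUDITPOL = """\
System audit policy
Category/Subcategory                      Setting
Logon/Logoff
  Logon                                   Success
  Logoff                                  Success
Account Logon
  Credential Validation                   Success and Failure
Account Management
  Security Group Management               No Auditing
"""

def parse_auditpol(text):
    """Return {subcategory: set of audited outcomes} from auditpol-style text."""
    settings = {}
    for line in text.splitlines():
        # Subcategory rows are indented; name and setting are split by 2+ spaces.
        m = re.match(r"^\s+(\S.*?)\s{2,}(Success and Failure|Success|Failure|No Auditing)\s*$", line)
        if m:
            value = m.group(2)
            settings[m.group(1)] = set() if value == "No Auditing" else set(value.split(" and "))
    return settings

def review(required, configured):
    """List findings where configuration logs less than policy requires."""
    findings = []
    for subcat, needed in sorted(required.items()):
        if subcat not in configured:
            findings.append((subcat, "not present in exported configuration"))
            continue
        missing = needed - configured[subcat]
        if missing:
            findings.append((subcat, "not logging: " + ", ".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for subcat, problem in review(REQUIRED, parse_auditpol(SAMPLE_AUDITPOL)):
        print(f"FINDING  {subcat}: {problem}")
```

The "Logon" finding is the case the transcript describes: policy requires both successful and failed authentication attempts, but the host records only successes.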
