Logging
Logging is the foundation on which security monitoring and situational awareness are built.
Your approach to logging should help answer some of the typical questions asked during a cyber incident, such as:
- what has happened?
- what is the impact?
- what should we do next?
- have post-incident remediations been effective?
- are our security controls working?
If you can answer these questions, even partially, it will help you to recover more quickly from a cyber incident and develop your defences. This will reassure your customers, suppliers, investors and regulators that you have taken all measures necessary to protect your data and systems.