Logs Management
I wanted to know what's the best approach to manage all the servers' application and security event logs. I mean, should we keep the security event logs separate from application logs or we can have them all at one place??
Assign topic to the user
The approach you take must depend on the perceived risks, legal requirements to be fulfilled, and available resources. In terms of ISO 27001 both approaches are acceptable, each one with its own advantages and disadvantages (e.g., logs in separate places mean that regular servers' administrators and operators will not have access to them, increasing security, but this configuration requires more resources and administrative effort).
This article will provide you a further explanation about log management:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
Comment as guest or Sign in
Aug 19, 2020