Cyber Security: Logging and monitoring
Status: Live
Published: 11/05/2021
Security level: Official
Amended / Internally developed: No
Live on platform: 23/09/21
Retired on platform:
Target Audience: Technical / General
Authoring body: National Cyber Security Centre (NCSC)
Grading: no grading applied
Guidance
Abstract
Step 8 from the 10 steps to Cyber Security covers how to design your systems to be able to detect and investigate incidents.
Collecting logs is essential to understanding how your systems are being used and is the foundation of security (or protective) monitoring. In the event of a concern or potential security incident, good logging practices will allow you to look back at what has happened and understand the impact of the incident. Security monitoring takes this further and involves the active analysis of logging information to look for signs of known attacks or unusual system behaviour. This enables organisations to detect events that could be deemed a security incident and respond accordingly in order to minimise the impact.
Tag: network, operating systems, cyber attack
Category: Security