Cyber Security: Logging and monitoring


Status: Live
Published: 11/05/2021
Security level: Official
Amended / Internally developed: No
Live on platform: 23/09/21
Retired on platform:
Target Audience: Technical / General
Authoring body: National Cyber Security Centre (NCSC)
Grading: no grading applied

Step 8 of the 10 Steps to Cyber Security covers how to design your systems so that you can detect and investigate incidents.

Collecting logs is essential to understanding how your systems are being used and is the foundation of security (or protective) monitoring. In the event of a concern or potential security incident, good logging practices will allow you to look back at what has happened and understand the impact of the incident. Security monitoring takes this further and involves the active analysis of logging information to look for signs of known attacks or unusual system behaviour, enabling organisations to detect events that could be deemed a security incident and respond accordingly in order to minimise the impact.

Download attachments:

Logging and monitoring.pdf

Category: Security