From the course: Performing a Technical Security Audit and Assessment


Conduct log reviews


- All systems should have audit logs enabled to provide historical evidence of what occurred on the systems. The purpose of log reviews is to determine if systems are adequately logging important security events and if the organization is following its own logging policies and standards. It should be fairly straightforward to compare the written logging policies and standards, if there are any, with the actual system audit logs and determine if the correct logging is happening. System configuration settings should also indicate what is being logged, for additional confirmation. For instance, an organization may require that all failed and successful authentication attempts be logged. If a system is found to log only successful authentication attempts but not the failed attempts, that would be captured as a finding by the assessor. Reviewing logs may also reveal system configuration problems or, even worse, evidence of unauthorized activity. One of the most famous cases of log…
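The policy-versus-configuration comparison described above, as an added example that is not part of the course material. It assumes a Windows host whose audit settings were exported with `auditpol /get`; the sample output and the `REQUIRED` standard are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by Windows `auditpol /get`
# (not taken from a real host).
SAMPLE_AUDITPOL = """\
System audit policy
Category/Subcategory                      Setting
Logon/Logoff
  Logon                                   Success
  Logoff                                  Success
  Account Lockout                         No Auditing
Account Logon
  Credential Validation                   Success and Failure
"""

# Hypothetical written logging standard: subcategory -> outcomes that must be logged.
REQUIRED = {
    "Logon": {"Success", "Failure"},
    "Credential Validation": {"Success", "Failure"},
    "Account Lockout": {"Failure"},
    "Special Logon": {"Success"},
}

LINE = re.compile(
    r"^\s{2,}(\S.*?)\s{2,}(Success and Failure|Success|Failure|No Auditing)\s*$")

def parse_auditpol(text):
    """Return {subcategory: set of audited outcomes} from auditpol text output."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, setting = m.groups()
            settings[name] = set() if setting == "No Auditing" else set(setting.split(" and "))
    return settings

def find_gaps(required, actual):
    """Return (subcategory, reason) findings where the system falls short of policy."""
    findings = []
    for name, needed in sorted(required.items()):
        if name not in actual:
            findings.append((name, "not reported by system"))
        elif needed - actual[name]:
            findings.append((name, "missing: " + ", ".join(sorted(needed - actual[name]))))
    return findings

if __name__ == "__main__":
    for name, reason in find_gaps(REQUIRED, parse_auditpol(SAMPLE_AUDITPOL)):
        print(f"FINDING  {name}: {reason}")
```

The `Logon` finding is the case from the passage: successful authentication is audited but failed attempts are not.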
