From the course: Security for the SMB: Implementing the NIST Cybersecurity Framework

System auditing and logging

- [Instructor] We can't protect everything, so we need the ability to detect what's happening on our computers. This is done with system auditing and logging. Auditing on our computers gives us the ability to detect and record events, and it is a means to capture what users and processes are doing on the system, as well as when, where, and how it occurred. Capturing data in the logs and then carefully reviewing them is essential for both systems maintenance and security investigations. As part of your planning process, the first step is documenting your organization's logging policies and procedures. There are many decisions to be made as you are creating them. At a minimum, they should contain two main elements. One: which systems must have logging enabled? And two: what are the required log settings on each system? A common question is, "What do we log?" If we log too much, we're going to impact the performance…
