Logging and Monitoring

Logging is the process of recording events which could affect cyber security. What needs to be logged will vary across organisations and will depend on security threats and requirements. For example, it may take the form of recording which information has been accessed, by which account and when. The logs themselves should be audited frequently and reviewed to ensure they are effective. Logs can sometimes fill up with too much information, making them overwhelming and inaccessible for many, which reduces their efficiency. Keeping logged information succinct and limited to the key details is very useful here, and reviewing the logs helps ensure they remain as effective as possible.

Monitoring helps to detect attacks and ensure systems are being used safely. Security monitoring tools usually run in the background of systems, and their use is often a legal requirement. These tools monitor the levels at which systems are being used, in line with security policies. Although monitoring is required in many cases, overusing it can be counterproductive. Trying to monitor too much can create false positives and may lead to individuals or organisations becoming desensitised to alerts, meaning that real incidents could be overlooked.