Log Management
9. Log Management
Are IT Support Staff in this Unit aware and held accountable for ensuring that server logs are captured, retained and monitored in accordance with the Logging and Monitoring of UBC Systems standard? In addition, if your unit manages an ERP, are application logs for these captured, retained and monitored?
Control or Process Description
For most departments, logging at the server level will be done by an IT support function or a cloud service provider. The Administrative Head should set this expectation using Service Level Agreements with third parties or by specifying this requirement with internal service providers or staff.
Why is this Essential?
A log is a record of the events occurring within application(s)/systems and networks. Log data is invaluable in managing, maintaining and troubleshooting. Furthermore, log management is critical for cyber incident response, Audit and non-repudiation.
Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC SystemsInformation Security Standards – M10 Internet-facing Systems and Services
Instructions
N/A
What is Acceptable?
Assurance exits that the following logging is in place for all servers:
1. User login, logout and access to a resource;
2. Action performed by the User and the time it was performed;
3. Where feasible, any access to, or modification of, records.
Assurance usually takes the following form:
Cloud Service Provider:
- Contract or Service Level Agreement. If not available, written assurance will suffice.
- Service Level Commitment with UBC IT for systems supported by the UBC IT team.
- If a system is managed with-in the unit, the system owner is tasked to configure logging and monitoring in accordance to the Logging and Monitoring requirements as prescribed in the Information Security Standard M8.