CSP - IT Rep - Log Management

Last updated: February 8, 2023
 
Log Management  
 

26. Logging Key Activities

For the UBC Servers under your control, is logging enabled and capturing the following key activities?

  • User login, logout and access to a resource;
  • action performed by the User and the time it was performed; and
  • where feasible, any access to, or modification of, records.

Why is this Essential?

A log is a record of the events occurring within application(s)/systems and networks. Effective logging and monitoring procedures (i.e. continual monitoring and/or periodic reviews) provide ongoing assurance that UBC Systems and the UBC Electronic Information that they hold are secure, and that confidentiality and integrity are effectively being ensured. In the event of a security breach, audit logs are relied upon to determine whether or not information has been accessed or modified without authority.


Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC Systems
Information Security Standards – M10 Internet-facing Systems and Services

Instructions

N/A


What is Acceptable?

There is a process to ensure logging is enabled for all systems during system implementation.

If the process is new, a review of older systems has been conducted to confirm logging requirements are met.
 



27. Log Retention and Protection

What percentage of servers under my control meet the requirements below?

  • logs are retained for at least 90 days (except for ERP logs, which must be retained for at least 365 days) and regularly backed up whenever possible, preferably to offsite secure storage;
  • logs are retrievable in a timely manner if they are required for analysis;
  • logs are protected against unauthorized access and modification, preferably by locating them on a separate server outside the Demilitarized Zone (DMZ), such as a Database Server protected by a firewall, and restricting access as necessary; and
  • no one is allowed to change or delete log information.

Why is this Essential?

A log is a record of the events occurring within application(s)/systems and networks. Log data is invaluable in managing, maintaining and troubleshooting. Furthermore, log management is critical for cyber incident response, audit and non-repudiation.


Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC Systems
Information Security Standards – M10 Internet-facing Systems and Services

Instructions

N/A


What is Acceptable?

Through knowledge of the ecosystem/active review you are confident that in at least 85% of cases these requirements are met.





