Log Management
26. Logging Key Activities
For the UBC Servers under your control, is logging enabled and capturing the following key activities?
Why is this Essential?
A log is a record of the events occurring within application(s)/systems and networks. Effective logging and monitoring procedures (i.e. continual monitoring and/or periodic reviews) provide ongoing assurance that UBC Systems and the UBC Electronic Information that they hold are secure, and that confidentiality and integrity are effectively being ensured. In the event of a security breach, audit logs are relied upon to determine whether or not information has been accessed or modified without authority.
Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC Systems
Information Security Standards – M10 Internet-facing Systems and Services
Instructions
N/A
What is Acceptable?
There is a process to ensure logging is enabled for all systems during system implementation.
If the process is new, a review of older systems has been conducted to confirm logging requirements are met.
27. Log Retention and Protection
What percentage of servers under my control meet the requirements below?
Why is this Essential?
A log is a record of the events occurring within application(s)/systems and networks. Log data is invaluable in managing, maintaining and troubleshooting. Furthermore, log management is critical for cyber incident response, audit and non-repudiation.
Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC Systems
Information Security Standards – M10 Internet-facing Systems and Services
Instructions
N/A
What is Acceptable?
Through knowledge of the ecosystem/active review you are confident that in at least 85% of cases these requirements are met.