CSP - IT Rep - Log Management

 

Log Management

 
 

26. Logging Key Activities

For the UBC Servers under your control, is logging enabled and capturing the following key activities?

  • User login, logout and access to a resource;
  • action performed by the User and the time it was performed; and
  • where feasible, any access to, or modification of, records.

Why is this Essential?

A log is a record of the events occurring within application(s)/systems and networks. Effective logging and monitoring procedures (i.e. continual monitoring and/or periodic reviews) provide ongoing assurance that UBC Systems and the UBC Electronic Information that they hold are secure, and that their confidentiality and integrity are being effectively maintained. In the event of a security breach, audit logs are relied upon to determine whether or not information has been accessed or modified without authority.


Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC Systems
Information Security Standards – M10 Internet-facing Systems and Services

Instructions

N/A


What is Acceptable?

There is a process to ensure logging is enabled for all systems during system implementation.

If the process is new, a review of older systems has been conducted to confirm logging requirements are met.
 



27. Log Retention and Protection

What percentage of servers under my control meet the requirements below?

  • logs are retained for at least 90 days (except for ERP logs, which must be retained for at least 365 days) and regularly backed up whenever possible, preferably to offsite secure storage;
  • logs are retrievable in a timely manner if they are required for analysis;
  • logs are protected against unauthorized access and modification, preferably by locating them on a separate server outside the Demilitarized Zone (DMZ), such as a Database Server protected by a firewall, and restricting access as necessary; and
  • no one is allowed to change or delete log information.

Why is this Essential?

A log is a record of the events occurring within application(s)/systems and networks. Log data is invaluable in managing, maintaining and troubleshooting systems. Furthermore, log management is critical for cyber incident response, audit and non-repudiation.


Reference Links
Information Security Standards – M8 Logging and Monitoring of UBC Systems
Information Security Standards – M10 Internet-facing Systems and Services

Instructions

N/A


What is Acceptable?

Through knowledge of the ecosystem/active review, you are confident that in at least 85% of cases these requirements are met.