The confidentiality, integrity, and availability of security logging must be protected.
Implementing controls for security logging of information helps ensure organizations maintain the ability to support incident investigations, troubleshooting, and performance improvement opportunities.
If logging information is not appropriately protected, the necessary details may not be available to personnel trying to support these activities. The protection of logging information is the focus of pitfall #52 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Access to auditing tools and audit logs should be limited to those with a job- related need in order to help preserve the confidentiality of logs. Logging systems, as well as audit log information, should be protected against tampering and unauthorized access to preserve the integrity of the audit log information. Audit logs should be protected against unauthorized access, unauthorized use, deletion, or compromise of logs in order to preserve the availability of logging information.
Both authorized and unauthorized access attempts to auditing and vulnerability management tools and audit log information should be recorded. Appropriate measures should be in place to protect logs from modification. Security and IT personnel should receive automated alerts in the event of a failed access attempt to logging systems or upon an audit log processing failure. Appropriate actions should be taken to restore auditing capabilities as soon as possible if an auditing failure occurs.
Your organization needs to have insight into the activities and actions being performed within your environment. This includes security-related events occurring within information systems, as well as actions performed by your users. Configuring alerts for potentially risky or nefarious activities does not provide the expected value if the logs containing those alerts can be intentionally or unintentionally modified or deleted.
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASCENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.