Log review and management

Overview
Purpose:


 * Communicate potential risks to stakeholders.
 * Communicate the rationale for security-relevant decisions to stakeholders.

Role:


 * who typically does this

Frequency:



Log Review Tips
Critical systems require at least daily log review. Which types of logs and activities deserve attention?

1. Consecutive login failures, especially outside office hours.
2. Logins outside office hours.
3. Authority changes, additions and removals. Check them against the authorized application forms.
4. Any system administrator activity.
5. Any unknown workstation or server plugged into the network.
6. Log removal, log overwriting, or a log that has reached its size limit.
7. Pay more attention to the log reports after a weekend or holiday.
8. Any account unlocked or password reset by a system administrator without an authorized form.
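
The checks above can be scripted so the daily review starts from a short list of findings instead of raw lines. The following is an added example, not code from the original page: it runs the login-failure, off-hours, privilege-change, administrator-activity and log-tampering checks over a few constructed auth.log-style lines. The log lines, host names, addresses and the year 2024 (syslog lines carry no year) are all assumptions made for the example; the office-hours window (08:00 to 18:00, Monday to Friday) and the failure threshold of 3 are parameters a team would set for itself.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, time

# Constructed sample lines in an auth.log-like syslog format. They are made up
# for this example and are not taken from any real system. Jan 15 2024 is a
# Monday, so the office-hours logic below treats it as a working day.
SAMPLE_LOG = """\
Jan 15 02:13:05 srv1 sshd[1201]: Failed password for admin from 10.0.0.5 port 4444 ssh2
Jan 15 02:13:09 srv1 sshd[1201]: Failed password for admin from 10.0.0.5 port 4444 ssh2
Jan 15 02:13:14 srv1 sshd[1201]: Failed password for admin from 10.0.0.5 port 4444 ssh2
Jan 15 02:14:02 srv1 sshd[1203]: Accepted password for admin from 10.0.0.5 port 4446 ssh2
Jan 15 09:30:11 srv1 sshd[1310]: Accepted publickey for alice from 10.0.1.7 port 50122 ssh2
Jan 15 10:02:40 srv1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo bob
Jan 15 10:03:01 srv1 usermod[1400]: add 'bob' to group 'sudo'
Jan 15 14:00:00 srv1 sshd[1500]: Failed password for carol from 10.0.1.9 port 50200 ssh2
Jan 15 14:00:05 srv1 sshd[1501]: Accepted password for carol from 10.0.1.9 port 50201 ssh2
Jan 15 23:45:00 srv1 sudo:    bob : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/truncate -s 0 /var/log/auth.log
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hms>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<proc>[\w./-]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)
SSH_RE = re.compile(r"^(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")

# Commands and daemons that change accounts, groups or privileges (tip 3).
PRIV_CMDS = {"useradd", "usermod", "userdel", "groupadd", "groupmod", "groupdel",
             "gpasswd", "passwd", "chage", "visudo"}
# Commands that, pointed at /var/log, destroy or truncate evidence (tip 6).
LOG_DESTRUCTIVE = {"rm", "truncate", "shred", "mv", "chattr"}

OFFICE_START, OFFICE_END = time(8, 0), time(18, 0)  # assumed office-hours window


def is_office_hours(ts):
    """Mon-Fri between OFFICE_START and OFFICE_END; weekends count as off-hours."""
    return ts.weekday() < 5 and OFFICE_START <= ts.time() < OFFICE_END


def parse_line(line, year=2024):
    """Split one syslog-style line; the year is assumed because syslog omits it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['hms']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def review(log_text, fail_threshold=3, year=2024):
    """Run the daily-review checks over a block of log text and return findings."""
    findings = []
    fail_streak = defaultdict(int)  # (user, source address) -> consecutive failures

    def add(rule, rec, user, detail):
        findings.append({"rule": rule, "ts": rec["ts"].isoformat(), "user": user,
                         "off_hours": not is_office_hours(rec["ts"]), "detail": detail})

    for raw in log_text.splitlines():
        rec = parse_line(raw, year)
        if rec is None:
            continue
        proc, msg = rec["proc"], rec["msg"]

        if proc == "sshd" and (m := SSH_RE.match(msg)):
            key = (m["user"], m["src"])
            if m["result"] == "Failed":
                fail_streak[key] += 1
                # Tip 1: report once, at the moment the streak reaches the threshold.
                if fail_streak[key] == fail_threshold:
                    add("consecutive_login_failures", rec, m["user"],
                        f"{fail_threshold} consecutive failures from {m['src']}")
            else:
                if fail_streak[key] >= fail_threshold:
                    add("success_after_failures", rec, m["user"],
                        f"login from {m['src']} after {fail_streak[key]} failures")
                fail_streak[key] = 0
                if not is_office_hours(rec["ts"]):
                    add("off_hours_login", rec, m["user"], f"login from {m['src']}")  # tip 2

        elif proc == "sudo" and (m := SUDO_RE.match(msg)):
            cmd = m["cmd"].split()
            base = cmd[0].rsplit("/", 1)[-1]
            add("admin_activity", rec, m["user"], m["cmd"])  # tip 4: every privileged command
            if base in PRIV_CMDS:
                add("privilege_change", rec, m["user"], m["cmd"])  # tip 3
            if base in LOG_DESTRUCTIVE and any(a.startswith("/var/log") for a in cmd[1:]):
                add("log_tampering", rec, m["user"], m["cmd"])  # tip 6

        elif proc in PRIV_CMDS:
            add("privilege_change", rec, "n/a", msg)  # tip 3, from the account tool's own log

    return findings


def summarize(findings):
    """Count findings per rule, the shape a daily review report would show."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        flag = " [OFF-HOURS]" if f["off_hours"] else ""
        print(f"{f['ts']} {f['rule']:<27} {f['user']:<6} {f['detail']}{flag}")
    print(summarize(review(SAMPLE_LOG)))
```

Every finding carries an off-hours flag, so the report naturally separates the 02:13 brute-force attempt and the 23:45 log truncation from the usermod run during the working day, which still has to be checked against an authorized form (tip 3). Tips 5 and 8 are not covered by this script because they need data the log alone does not contain: an asset inventory to recognise unknown hosts, and the change or helpdesk tickets to confirm that an unlock or password reset was authorized.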

Subactivity 2
Describe the subactivity here

Subactivity 3
Describe the subactivity here