Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Data system log review

Critical
High
Normal
Low

The organization must be aware of the logs that accrue from the use of different data systems, whether generating the logs is the responsibility of the organization or the system provider. Logs record user actions as well as anomalies, errors, and security incidents.

The adequacy of log should be reviewed regularly. If necessary, log should be usable to determine the root causes for system incidents.

Connected other frameworks and requirements:
I10: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
12.4.1: Event logging
ISO 27001
12.4.3: Administrator and operator logs
ISO 27001
PR.PT-1: Audit/log records
NIST CSF
DE.CM-7: Monitoring for unauthorized activity
NIST CSF
No items found.