Logging and Monitoring

Last updated on May 25, 2020

Logging of system activity is necessary as it provides an audit trail to know who did what and when. Logging should be default on all critical systems and retention of logs should be based on a retention policy. Monitoring is necessary as it assists with timely response of an incident. Depending on the nature of the system and the number of users, monitoring can be done manually by generating system reports, these reports should be reviewed regularly and abnormal activities should be flagged and followed up with. For systems that may have a large number of users, a Security Information and Events Management (SIEM) solution should be implemented. (Note SIEM should be configured according to industry best practices).

Expert Opinion - Backup & Retention, Logging & Monitoring

Control Objective

Collect system logs to determine who did what when and retain logs according to retention policy
Correlate logs and monitor to identify and act on suspicious activity

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Logging and Monitoring

Expert Opinion - Backup & Retention, Logging & Monitoring

Control Objective