A comprehensive guide to computer security log management, covering key aspects such as device type identification, log generation, transmission, storage, disposal, and analysis. It emphasizes the importance of NIST standards and best practices for ensuring secure and effective log management, highlighting the role of log analysis in incident identification, anomaly detection, and forensic investigation.
Computer Security
NAME
Course
Professor
Date of Submission
Computer Security Log Management

The implementation should be all-inclusive under the computer security log management policies headed by the Chief Information Security Officer (CISO) of an organization. A comprehensive logging policy helps an entity enhance its security, guarantee compliance, enable the detection of incidents, and make forensic investigation possible when needed.

Device Type

Development of an appropriate logging policy begins by identifying the device types within a network: servers, workstations, network devices (routers, firewalls, and switches), and endpoint security systems such as anti-virus and intrusion detection. All of these devices generate logs containing very useful information about operations, user interactions, and security events (Landauer et al., 2020). For instance, servers create logs of system access, application errors, and network connections, while network devices record traffic flow, firewall events, and intrusion attempts (Awotipe, 2020). Endpoint security systems record events such as malware detection, suspicious user behavior, and unauthorized access attempts (Kent & Souppaya, 2006). Defining device types is therefore necessary to set different logging standards according to each device's function and its relevance to security.

Log Generation

Log generation is one of the most important processes because it states what information every device shall capture. NIST SP 800-92 advises that logs should include the information needed to monitor system activity and identify possible security events (Ibhaze & Aribeana, 2024). A good logging policy therefore requires that logs be generated on all critical systems and applications, including, but not limited to, authentication events, access control changes, malware detection, and network traffic analysis (Kent & Souppaya, 2006).
Logs are deleted when they are no longer of use, in a secure way that avoids any data breach. This can include log rotation and log deletion using secure erasure methods that make the deleted logs unrecoverable (Thompson, 2021). Disposal processes shall be based on a data retention policy, with logs destroyed in compliance with applicable laws and regulatory frameworks.

Log Analysis

Log analysis is the last critical element of a proper logging policy. Logs play an important role mainly in incident identification, anomaly detection, and forensic investigation. Accordingly, NIST recommends periodic review of logs for suspicious activity such as brute force attempts, malware variants, and other anomalies in applications and systems (Kent & Souppaya, 2006). Logs should be subject to manual analysis, while automated means such as SIEM systems can help aggregate, correlate, and analyze logs coming from multiple devices (Brumfield & Haugli, 2021). Automated analysis helps detect patterns or anomalies that might indicate an attack or a breach, enabling faster response times. There needs to be an escalation procedure for critical events to make sure timely mitigation measures are taken by the right personnel.
References

Abd Hamid, N., Ab Rahman, N. H., & Cahyani, N. D. W. (2024). Enhancing Learning Management Systems with Intrusion Alerts and Forensic Logging. International Journal of Advanced Research in Education and Society, 6(3), 295-308. https://myjms.mohe.gov.my/index.php/ijares/article/view/

Awotipe, O. (2020). Log analysis in cyber threat detection.

Brumfield, C., & Haugli, B. (2021). Cybersecurity risk management. John Wiley & Sons.

Harshali, B., Avantika, A., Shruti, L., Dhanashri, U., & Komal, D. (2024). Log Alert System Server Log Recognition and Alert System. International Journal of Trend in Scientific Research and Development, 8(6), 69-78. https://www.ijtsrd.com/computer-science/other/70555/log-alert-system-server-log-recognition-and-alert-system/harshali-bobde

Ibhaze, A. E., & Aribeana, O. A. (2024). An Electronic and Web-Based Authentication, Identification, and Logging Management System. Journal of Engineering, 30(01), 1-