What's your log retention approach? Do you have a SIEM, log management system or both? And how long do you retain logs on devices (e.g. firewalls), in SIEM and in a log management system?

CISO in Software, 2 years ago
1 year is standard in most cases
Head of IT in Manufacturing, 2 years ago
Depends on what kind of logs… some logs are deleted automatically after some time (SaaS tools like Sophos, e.g.), others are also deleted because of GDPR requirements (internet logs, guest access). We defined the most crucial logs for us and collect them in a log aggregation tool for 12 months, in some cases also longer (AD logs), which get archived after 12 months and can be used on demand.

I propose first creating an overview of all logs you want to collect, categorizing them and defining the storage / duration.

Don’t forget to also look at the legal requirements & GDPR.
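As an added example (not code from this thread or from any tool mentioned in it), the following Python sketch models the advice in the reply above: a per-category retention policy with a hot (searchable) window, an optional purge date and a recorded basis for each period, a consistency check on the policy, and a legal-hold flag so a purge job never deletes evidence that must be kept. Every category name, duration and sample record is a constructed assumption, not a recommended value.

```python
"""Toy log-retention policy engine.

Added example, not code from the thread or from any product mentioned in it.
The categories, day counts and sample records are constructed to illustrate
the advice: inventory the logs you collect, categorize them, and define per
category where they live (hot store, archive) and for how long.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RetentionRule:
    hot_days: int              # searchable in the SIEM / log aggregation tool
    total_days: Optional[int]  # purge after this many days; None = keep the archive
    basis: str                 # why this period was chosen (kept for the audit trail)


# Hypothetical policy loosely mirroring the reply above: crucial logs 12 months
# hot, AD logs archived beyond that, GDPR-sensitive logs purged early.
POLICY: Dict[str, RetentionRule] = {
    "ad_auth":        RetentionRule(365, None, "investigations; archived after 12 months"),
    "firewall":       RetentionRule(365, 365,  "12-month standard"),
    "internet_proxy": RetentionRule(90,  90,   "GDPR data minimisation"),
    "guest_access":   RetentionRule(30,  30,   "GDPR data minimisation"),
}


def validate_policy(policy: Dict[str, RetentionRule]) -> List[str]:
    """Return human-readable problems; an empty list means the policy is consistent."""
    problems = []
    for name, rule in policy.items():
        if rule.hot_days <= 0:
            problems.append(f"{name}: hot_days must be positive")
        if rule.total_days is not None and rule.total_days < rule.hot_days:
            problems.append(f"{name}: total_days is shorter than hot_days")
    return problems


def disposition(category: str, age_days: int, legal_hold: bool = False,
                policy: Dict[str, RetentionRule] = POLICY) -> str:
    """Return 'hot', 'archive' or 'delete' for a record of this category and age.

    A legal hold blocks deletion (the record stays archived) but does not
    extend the hot window, so a purge job never removes held evidence.
    """
    rule = policy[category]  # unknown category raises KeyError: no silent default
    if age_days < 0:
        raise ValueError("log timestamp is in the future")
    if age_days < rule.hot_days:
        return "hot"
    if rule.total_days is not None and age_days >= rule.total_days and not legal_hold:
        return "delete"
    return "archive"


def plan_actions(records: List[Tuple[str, date]], today: date,
                 holds: frozenset = frozenset()) -> Dict[str, int]:
    """Count what a nightly lifecycle job would do with (category, log date) records."""
    counts = {"hot": 0, "archive": 0, "delete": 0}
    for category, logged_on in records:
        age = (today - logged_on).days
        counts[disposition(category, age, legal_hold=category in holds)] += 1
    return counts


def demo(holds: frozenset = frozenset()) -> Dict[str, int]:
    """Run the planner over a constructed sample; returns the action counts."""
    today = date(2024, 6, 1)  # fixed date so the result is reproducible
    sample = [
        ("ad_auth", today - timedelta(days=400)),        # past hot window -> archive
        ("firewall", today - timedelta(days=100)),       # still hot
        ("firewall", today - timedelta(days=365)),       # reaches total_days -> delete
        ("internet_proxy", today - timedelta(days=91)),  # GDPR purge -> delete
        ("guest_access", today - timedelta(days=10)),    # still hot
    ]
    return plan_actions(sample, today, holds)


if __name__ == "__main__":
    assert not validate_policy(POLICY)
    print(demo())                               # {'hot': 2, 'archive': 1, 'delete': 2}
    print(demo(holds=frozenset({"firewall"})))  # {'hot': 2, 'archive': 2, 'delete': 1}
```

Running `validate_policy` before the purge job is the practical point: a rule whose purge date is shorter than its hot window is the kind of misconfiguration that silently removes logs the SIEM still expects to search, and the `basis` field is what an auditor will ask for when the GDPR-driven and investigation-driven periods differ.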
