Information Gathering -> Logging: Centralized application logging
Risk and Opportunity
Risk: Local stored logs can be unauthorized manipulated by attackers with system access or might be corrupt after an incident. In addition, it is hard to perform an correlation of logs. This leads attacks, which can be performed silently.
Opportunity: A centralized logging system is used and applications logs (including application exceptions) are shipped to it.
Usefullness: Very High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
Dependencies: Visualized logging, Alerting
OWASP SAMM 1 Mapping: SA2-B
OWASP SAMM 2 Mapping: o-incident-management|A|1
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001 - too specific