Information Gathering -> Logging: Centralized application logging
Risk and Opportunity
Risk: Local stored logs can be unauthorized manipulated by attackers with system access or might be corrupt after an incident. In addition, it is hard to perform an correlation of logs. This leads attacks, which can be performed silently.
Opportunity: A centralized logging system is used and applications logs (including application exceptions) are shipped to it.
Dependencies: Visualized logging, Alerting
Usefulness and Requirements of this Activity
Usefullness: Very High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001 - too specific