Fork me on GitHub

Information Gathering -> Logging: Logging of security events

Risk and Opportunity

Risk:
Opportunity: Security-relevant events like login/logout or creation, change, deletion of users should be logged.

Assessment

Additional Information

Implement logging of security relevant events. The following events tend to be security relevant:

Implementation hints

Usefulness and Requirements of this Activity

Usefullness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017

Credits

This activity is inspired/copied by/from

AppSecure-nrw