How Often Are Logs Reviewed?

1.	How Often Are Logs Reviewed?
Answer» Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, ETC. Not reviewing the logs is one of the BIGGEST mistakes an organization can make. Events of INTEREST should be investigated daily. It can be a very TEDIOUS TASK for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team. Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.

Answer»

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, ETC. Not reviewing the logs is one of the BIGGEST mistakes an organization can make. Events of INTEREST should be investigated daily. It can be a very TEDIOUS TASK for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.

Discussion

No Comment Found

Related InterviewSolutions

The Unique Number Will Be Generated By Md5, If It Is Tamped With Someone, The Value Will Be Changed So You Know You Are Tampered?
Explain How Do We Do Authentication With Message Digest(md5)? (usually Md Is Used For Finding Tampering Of Data)
Explain What Is Meant By Port Blocking Within Lan?
Explain What Is Difference Between Arp & Rarp? How Both Of These Protocols Will Work, And Where It Will Use?
What Is Difference Between Discretionary Access Control And Mandatory Access Control?
Explain How Do We Use Rsa For Both Authentication And Secrecy?
Explain What Is The Role Of Single Sign On In Authentication Technologies?
Explain In Mobile And Computer And Home Is It Possible That We See And Listen Person Voice And Activity Carefully For Destroying Their Privacy?
Explain What Does Cia Stand For In Security Management?
Explain For A Small Lan Which Class Of Addressing Is Used?