More rigorous logging is performed for higher priority assets
Context and Guidance: Logging requirements defined in SITUATION-1c and SITUATION-1d are enhanced to include consideration of asset-level risks that have been identified through risk management activities, so that more rigorous logging is performed for higher risk assets. In the context of this practice, more rigorous describes a logging approach that is complete and comprehensive, includes coverage of all key controls, is regularly reviewed and adjusted based on environmental changes, and is persistent and continuous (rather that intermittent and discrete.). For example, for the management of virtualised assets, the organisation may require additional log information to be captured such as user ID, timestamps, and the IP address of the user’s terminal. Organisations that have very mature logging capabilities with no opportunity for further implementation of this practice as written should consider a response of fully implemented. A list of example events that may be logged is provided in the help text for practice SITUATION-1c.
Related Practices • Input From: Implementing ASSET-1c provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-1a, SITUATION-1b, SITUATION-1c, SITUATION-1d, SITUATION-1f.