It’s usually assumed that when a user says “but I have a secure password” that they don’t; however, a lack of security isn’t always due to lack of knowledge. With increasingly large and complex IT environments, it’s becoming more and more difficult to keep up with securing all the components. Of particular interest, what about ensuring that your logs and audit trails themselves are secure? This is what I will be focusing on, in particular how to:

• secure / restrict access to logs prior to shipment
• a secure environment for storing logs
• secure shipment methods
• an audit trail
• not writing sensitive data to logs
• notifications can catch interruptions in log shipment and/or storage

As with all things, part of the “recovery” in “disaster recovery” involves a healthy dose of humor to learn and move past mistakes. As I cover the central requirements for secure logging, I’ll also use experience to show how to handle changes in security requirements iteratively.