UoPX Advanced Cybersecurity Certification
Logging, Monitoring, and Auditing Logs
Logging and Monitoring - logging records events into various logs, and monitoring reviews
these events.
Logging Techniques - logging captures events, changes, messages, and other data that describe
activities that occurred on a system.
Logging is usually a native feature of an operating system and of most applications/services.
Security Logs
o Record access to resources - can record what was modified or deleted, and when
System Logs
o Record system events such as system start/stop or when services start/stop
Application Logs
o Record information for specific applications
Firewall Logs
o Record events related to any traffic that reaches a firewall - including what is blocked
Proxy Logs
o Record details such as which sites specific users visit and how much time they spend there
Change Logs
o Track approved changes through the change management process - as part of
disaster recovery
Protecting Log Data - it is critical to protect logs against unauthorized access and unauthorized
changes. It is common to store logs on a central system such as a SIEM and to ensure safe and
secure backups.
Role of Monitoring - monitoring provides several benefits for an organization, including
increasing accountability, helping with investigations, and basic troubleshooting.
Audit trails - records created when information about events and occurrences is stored in one or
more databases or log files. Like CCTV, they act more as a deterrent.
Monitoring is necessary to ensure that subjects can be held accountable for their actions and
activities.