Logging for Security and Compliance

Customer Challenges And Needs

In a mature development operation, logging is a part of life that hasn’t changed in a long time.  Loggings first job is to provide a trail of what an application has been doing so that defects and crashes can be traced to their root cause.  In today’s environment, application logs are now used to closely observe application behavior from a security perspective.  In this service offering, CyberQ will work with your organization to optimize your logging so that it covers all of the roles that it now must cover.  Further, CyberQ will help you extend your logging framework to enhance compliance and logging controls.

Offering Details

The CyberQ consultant will work with your application development organization to take a security-centric logging approach while taking into account the broader organizational needs for logging.

 

The consultant will cover the following topics.

  • Identification of security related loggables
  • Extending logging API’s to provide security specific capabilities.
  • Identifying a security logging strategy that will stand the test of time.
  • How to write logs that are easily parsed by third party applications
  • Performance considerations.
  • Compliance considerations: PII and PHI.
  • Logging for requirements verification

Benefits

By building a disciplined approach to application logging, organizations can enhance the security of their application by making it observable.  Logging optimization will also improve regulatory compliance and application performance.