Log Data
Description
Log Data includes system, network, and application logs collected from all infrastructure and platform components within Scheol Lab.
It enables monitoring, auditing, and detection of security events and operational anomalies.
Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | DAT-LOG-01 |
| CI Type | Information |
| Asset Name | Log Data |
| Asset Category | Security Monitoring |
| Owner | Security Role (Sec) |
| Status | Planned |
| Location | Logging & Monitoring Platform |
| Primary Function | Security monitoring, audit, and alerting |
Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Platform | Logging & Monitoring Platform | Planned |
| Platform | Identity Management Platform | Planned |
| Information | Infrastructure Configuration Data | In Progress |
Relationships
| Relationship | Target CI |
|---|---|
| Supports | Security Monitoring & Detection |
| Supports | Incident Response Processes |
| Uses | Infrastructure Configuration Data |
Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟨 Medium |
| Integrity | 🟥 High |
| Availability | 🟨 Medium |
Criticality score: 🟥 High
Rationale:
- Integrity is critical to ensure logs cannot be tampered with.
- Confidentiality is moderate: sensitive information may appear in logs.
- Availability is important for detection but tolerates short delays.
Responsibilities
| Role | Responsibility |
|---|---|
| Security Role (Sec) | Collection, monitoring, and protection of logs |
| Operations Role (Ops) | Ensure log forwarding and storage infrastructure availability |
Security Controls
- Centralized logging with access control
- Integrity checks and tamper detection
- Encryption of logs in transit and at rest
- Retention policies aligned with operational and regulatory requirements
Security Considerations
Main risks include:
- Log tampering or deletion
- Unauthorized access to sensitive log content
- Loss of visibility due to misconfigured logging
Mitigations:
- Role-based access control
- Automated monitoring and alerting
- Secure storage and backups
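The "integrity checks and tamper detection" control above and the "log tampering or deletion" risk in this section can be illustrated with a keyed hash chain over collected log records. The following is an added example, not the lab's own tooling: it assumes the collector appends an HMAC tag to every record that also covers the previous record's tag (so editing or removing a record breaks every tag after it), that the HMAC key is held only by the verifier (for instance the monitoring platform), and that the verifier can optionally anchor the last tag it expects in a separate store to notice truncation. The log lines are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed sample log lines for the demonstration (not data from the lab).
SAMPLE_LINES = [
    "2024-01-01T10:00:00Z sshd[101]: Accepted publickey for ops from 10.0.0.5",
    "2024-01-01T10:00:05Z sudo: ops : COMMAND=/usr/bin/systemctl restart rsyslog",
    "2024-01-01T10:00:09Z sshd[102]: Failed password for root from 10.0.0.9",
    "2024-01-01T10:00:12Z sshd[102]: Connection closed by 10.0.0.9",
]

# Tag of the (empty) record before the first one; fixed and public.
GENESIS_TAG = "0" * 64


def _tag(key: bytes, prev_tag: str, line: str) -> str:
    # Each tag commits to the previous tag and the current line, so any
    # change earlier in the chain changes every tag that follows it.
    msg = (prev_tag + "\n" + line).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal_lines(lines: List[str], key: bytes) -> List[Tuple[str, str]]:
    """Pair each line with its chain tag, as the collector would store them."""
    sealed = []
    prev = GENESIS_TAG
    for line in lines:
        tag = _tag(key, prev, line)
        sealed.append((line, tag))
        prev = tag
    return sealed


def verify_chain(sealed: List[Tuple[str, str]], key: bytes,
                 expected_last_tag: Optional[str] = None) -> Optional[int]:
    """Return the index of the first record that fails verification, or None if intact.

    Modifying or deleting record i makes the record now at position i fail.
    Truncation of the tail is only visible when the verifier supplies the last
    tag it expects (a checkpoint kept outside the log store); in that case
    len(sealed) is returned to flag the missing records.
    """
    prev = GENESIS_TAG
    for i, (line, tag) in enumerate(sealed):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return i
        prev = tag
    if expected_last_tag is not None and not hmac.compare_digest(prev, expected_last_tag):
        return len(sealed)
    return None


if __name__ == "__main__":
    # Hypothetical verifier key, constructed for the demo.
    key = b"constructed-demo-key-held-by-the-verifier"
    sealed = seal_lines(SAMPLE_LINES, key)
    print("intact:", verify_chain(sealed, key))
    edited = list(sealed)
    edited[2] = (edited[2][0].replace("Failed", "Accepted"), edited[2][1])
    print("edited record 2 ->", verify_chain(edited, key))
    removed = sealed[:2] + sealed[3:]
    print("deleted record 2 ->", verify_chain(removed, key))
    truncated = sealed[:-1]
    print("truncated ->", verify_chain(truncated, key, expected_last_tag=sealed[-1][1]))
```

The chain alone detects in-place edits and deletions in the middle of the stream; detecting a silently dropped tail needs the externally anchored checkpoint, which is why the verifier and the log store should sit under different access rights, as the role-based access control mitigation above implies.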
Methodological References:
- ISO 27001 - Control 8.2 Privileged access rights; Control 8.15 Logging; Control 8.16 Monitoring activities.
- NIST CSF - DE.CM Continuous Monitoring; PR.PT Protective Technology.
- EBIOS RM - Logs considered as critical information assets supporting threat detection and risk analysis.