Many companies and organizations use log management as a post-incident analysis tool when investigating security breaches. Major compliance regulations, however, view event logs quite differently: event log data is a must-have tool for analyzing who exercised what privileges and accessed confidential information at any given point in time, so that compliance can be demonstrated continuously.
Automated event log management solutions are used to facilitate the most difficult job in any compliance process: the regular review and correlation of event data, achieved by merging and archiving events from multiple systems and separating the most critical 1% of activities from the useless 99% of noise. From the compliance perspective, event log management consists of collection (consolidation), archiving (retention), audit reporting, and monitoring (alerting).
On September 20th, 2016, Digital Edge released an article on Log Management Laws and Regulations. Below is a little "Cheat Sheet" on the Event Log Retention Requirements as mandated by major compliance regulations:
| Regulation | Retention Requirement |
|---|---|
| | 7 years |
| | 1 year |
| | 7 years |
| | 3 years |
| | 3 years |
| | 3+ months |
| | 3 years |
| | 6 years |
| | 5 years |
| | 3 years |