- All security-related actions on server systems must be logged and audit reports should be saved as follows:
- For a period of one month, all security-related logs should be kept online
- For a period of one month, the daily backups, as well as the weekly backups should be retained
- For a minimum of two years, the monthly full backups should be retained
- Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
- Some examples of security-related events are as follows:
- Port-scanning-related attacks
- Access to privileged accounts without authorization
- Unusual occurrences due to a particular application on the host