ISACA’s log management guidance says an effective logging and monitoring strategy must be developed with clear scope and objectives, and that without a perceived business purpose, even the best technically designed architectures have no value. ISACA also emphasizes developing security monitoring strategy with the consumers of the service in mind, meaning stakeholder needs drive what the strategy should accomplish.
Option B may inform improvements, but audit recommendations are not the primary driver of strategy. Option C can provide context, but benchmarking is secondary to organizational needs. Option D is important once response processes are being designed, but first the organization must define the strategy around stakeholder and business requirements.
References (Official ISACA):
ISACA Journal, Log Management as an Enabler for Data Protection and Automated Threat Detection.
ISACA Journal, A Framework for SIEM Implementation.
ISACA Journal, How to Build a Great SOC.