Security Audit Logs: Reviewing security audit logs in an IT system is one of the easiest ways to
verify that access control mechanisms are working as intended. Reviewing audit logs is primarily a
detective control. Centralized Logging: Should be automated, secure and even administrators should
have limited access. Often a central repository is hashed and never touched, and a secondary copy is
analyzed to ensure integrity. Logs should have a retention policy to ensure we are compliant and we
keep the logs as long as we need them.