PRIME MINISTER’S OFFICE
NATIONAL AGENCY FOR CYBER SECURITY (ALCIRT)

REGULATION FOR THE DIGITAL LOGS MANAGEMENT IN PUBLIC ADMINISTRATION

Approved with Order no. 109 date 10.06.2016 of the Director of the National Agency for Cyber Security (ALCIRT).

Content

1. Introduction
2. Purpose
3. Definitions
4. General
5. Activities for which logs will be held
5.1 Log elements
5.2 Logs Management Infrastructure and Tasks of Responsible Staff for Log Management
5.2.1 Log Management Infrastructure
Depending on the resources and specifics of the institution, log infrastructure can be:
5.2.2 Duties of Responsible Staff for Log Management
6. Sanctions
7. Entry into Force

Annex 1
1. Summary
2. Purpose and Scope of Application
3. Subjects
4. Structure of the Guide

Chapter I
1. Introduction to Computer Security Logs Management
1.2 Computer Security Logs
1.1.1 Security Software
1.1.2 Operating Systems
1.1.3 Applications
1.1.4 The usefulness of logs
1.2 The necessity for log management
1.3 Challenges in the management of logs
1.3.1 The generation and storage of logs
1.3.2 The protection of logs
1.3.3 The analysis of logs
1.4 The overcoming of challenges
1.4 Summary

Chapter II
2. Log Management Infrastructure
2.1 Architecture
2.2 Functions
2.3 Syslog-Based centralized logging software
2.3.1 Syslog Formats
2.3.2 Syslog Security
2.3.4 Software for Security Information and Event Management (SIEM)
2.5 Other types of log management software
2.6 Summary

Chapter III
3. Planning log management
3.1 Determining roles and responsibilities
3.2 Creating Logging Policies
3.3 Creating applicable policies
3.4 Design of log management infrastructure
3.5 Summary

Chapter IV
4. Operational management of work processes
4.1 Log Resource Configuration
4.1.1 Log Generation
4.1.2 Saving and deleting logs
4.1.3 Security of logs
4.2 Data Analysis
4.2.1 Understanding logs
4.2.2 Determining the priority of the logs
4.3 Managing memory for keeping long-term logs
4.4 Other Operational Actions
Reference

1. Introduction

The National Agency for Cyber Security (ALCIRT) based on Decision no. 766 of date 14.09.2011, as amended, pursuant to point 3 letter d) "Publishes the security rules of government’s computer networks and systems".

2. Purpose

The purpose of this regulation is to guide public administration in its work practice by implementing rules for managing digital logs in public administration:

a) Considering the fact that the Government of the