2 Comments

David Hayling
I disagree with the generality of "Institutions [should] keep as many logs as they can, for as long as possible."
This could lead to problems ... not least of all breach of DPA, but also unwanted access from FOI.
IMO the better advice is to have a well-considered and founded Data Retention Policy and have a process that matches log retention to policy.
Lee Harrigan-Green
In our experience a large number of sites only keep logs of critical systems for very short periods of time, and this makes investigating issues very difficult. Every site will need to make the trade-off between being able to investigate issues and their retention policies. And of course all data that is retained should be retained in line with your data retention policy. For instance, retaining firewall data for 5 years is pointless, as the likelihood of needing this data is low, not to mention costly; however, 3 to 6 months, even a year, is not unreasonable, as many issues will need to be investigated within this timeframe.