Logs are maintained in accordance with the log retrieval policy formulated by the manager.
Perform the actions below and store logs securely so that the retrieved logs will not be updated by others:
Save logs to external media, and store the external media in a secure location, such as lockable storage
Restrict the viewing of logs to administrators only, and set access restrictions for logs, such as not assigning update rights
Decide on the log retention period, with consideration to cases where investigation tracing back to the time of discovery of an issue is required
Implement measures to prevent tampering of logs, such as retaining multiple copies of logs and using storage that cannot be rewritten.
Encrypt logs so that logs are not easily viewed.
