LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How do you implement traceability for security, and what should you NOT log?

Log security-relevant events (logins, access decisions, admin actions) for detection and forensics — but never log secrets like passwords, tokens, keys, or PII.

Maintain audit logs of security-relevant events for detection and forensics.

What TO log:

  • Authentication events (login success/failure, logout)
  • Authorization decisions (access granted/denied)
  • Data modifications (who changed what, when)
  • Administrative actions (user creation, permission changes)
  • Security events (blocked attacks, anomalies)

What NOT to log (critical!):

  • Passwords (even failed attempts — could be off-by-one of real password)
  • Session tokens or API keys
  • Credit card numbers, SSN, health data
  • Encryption keys

Implementation tips:

  • Use structured logging (JSON) for easy analysis
  • Include timestamps, user IDs, source IPs, action taken
  • Protect log integrity (append-only, signed)
  • Send logs to a separate system attackers can't easily modify

Go deeper:

From Quiz: SPRG / Secure Architecture & Design | Updated: Jul 05, 2026