How to do it...

  1. Ensure that no sensitive or personally identifiable information of users or the company (real names, addresses, passwords, credit card information, phone numbers, and so on) is logged.
  2. In addition to application-specific operations and events, log all operations related to user and account management, for example, creation and deletion of users, password changes, changes of privilege level, login attempts, and logouts.
  3. Ensure that all log entries contain enough context about the event: date and time up to milliseconds, the user generating the event, system environment conditions relevant to the event, and the entities involved, such as database records, modules, other users, and the client used.
  4. Implement a centralized system for gathering, processing, and analyzing logs and generating security alerts based on that analysis (Security Information and Event Management (SIEM)).
  5. Have a team dedicated to monitoring and responding to security incidents.
  6. Implement incident response and incident recovery plans so that when an attack is detected or a security breach occurs, you have a standardized procedure to follow in order to recover as fast as possible.
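
The following sketch covers the logging steps above (redaction, account-management events, and per-event context with millisecond timestamps) as one JSON line per event that a central collector can parse. It is an added example, not code from the book; the field names, the `SENSITIVE_KEYS` set, and the `build_entry` helper are assumptions to adapt to your application.

```python
import json
import logging
import re
from datetime import datetime, timezone

# Assumed field names; adapt to your application's data model.
SENSITIVE_KEYS = {"password", "new_password", "card_number", "phone", "address", "real_name"}
# Card-like runs of 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def redact(value, key=None):
    """Recursively mask sensitive keys and card-like numbers in free text."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return "[REDACTED]"
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return CARD_RE.sub("[REDACTED]", value)
    return value

class AuditFormatter(logging.Formatter):
    """Emit one JSON object per line with UTC time to the millisecond."""
    def format(self, record):
        ts = datetime.fromtimestamp(record.created, tz=timezone.utc)
        entry = {
            "ts": ts.isoformat(timespec="milliseconds"),
            "level": record.levelname,
            "event": redact(record.getMessage()),
            "user": getattr(record, "user", None),
            "client": getattr(record, "client", None),
            "entities": redact(getattr(record, "entities", {})),
        }
        return json.dumps(entry, sort_keys=True)

def build_entry(event, user, client, entities, created=None):
    """Format one audit event and return the resulting log line."""
    record = logging.LogRecord("audit", logging.INFO, "audit.py", 0, event, None, None)
    if created is not None:
        record.created = created  # fixed timestamp, useful for tests
    record.user, record.client, record.entities = user, client, entities
    return AuditFormatter().format(record)

if __name__ == "__main__":
    # Constructed sample event: a password change on an account.
    print(build_entry("password_change", "alice", "web-client",
                      {"target_user": "alice", "new_password": "hunter2", "record_id": 42}))
```

In a running application, attach `AuditFormatter` to the handler that ships records to the central log system and pass `user`, `client`, and `entities` through the logger's `extra` argument.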