Priya Patel
TLDR:
- CISA released guidance in collaboration with FBI and NSA for event logging and cyberthreat detection.
- The guide emphasizes the importance of quality log data and storing logs for at least one year.
The Cybersecurity and Infrastructure Security Agency (CISA) recently published guidance in partnership with the FBI, NSA, and international cybersecurity agencies regarding best practices for event logging to enhance cyberthreat detection. The guide underscores the significance of quality log data in understanding network environments and swiftly identifying cybersecurity incidents. It also recommends organizations retain logs for a period of one year to facilitate thorough investigations in case of incidents.
Scott Gee, AHA’s deputy national advisor for cybersecurity and risk, highlighted the value of high-quality log data in constructing a comprehensive view of an organization’s network and aiding incident responders. The guide advises implementing an event logging policy centered on capturing high-quality cybersecurity events to assist network defenders in correctly identifying cyber incidents.
The document also stresses the importance of maintaining logs for a year to ensure comprehensive investigations in the event of cyber incidents. It mentions that rural hospitals are eligible for free or discounted Microsoft services and recommends leveraging these resources for improved cybersecurity.
For further information on cybersecurity and risk issues, organizations can contact Scott Gee at sgee@aha.org. Additional cyber and risk resources can be accessed at www.aha.org/cybersecurity.
