Insufficient logging and monitoring, combined with an ineffective or non-existent Incident Response process, allow an attacker to continue their actions, maintaining access to systems and compromising others. The attacker can modify, extract, delete, and encrypt data undisturbed.
Various Data Breach studies show that the average time to identify a security breach is over 200 days and that such identification is often made by external parties rather than those within the organization responsible for protecting data and systems.
| OWASP Top 10 Application Security Risks - 2017 | Reference |
|---|---|
| A10:2017-Insufficient Logging & Monitoring | OWASP |
The design and development of an application are only the first steps in the software lifecycle. The production (Operation) phase of a system is the most important and requires the most attention.
Francesco Ongaro
