Mechanisms exist to protect event logs and audit tools from unauthorized access, modification and deletion.
Mechanisms exist to back up event logs onto a physically different system or system component than the Security Incident Event Manager (SIEM) or similar automated tool.
Mechanisms exist to restrict access to the management of event logs to privileged users with a specific business need.
Cryptographic mechanisms exist to protect the integrity of event logs and audit tools.
Automated mechanisms exist to enforce dual authorization for the movement or deletion of event logs.
Mechanisms exist to utilize a non-repudiation capability to protect against an individual falsely denying having performed a particular action.
Mechanisms exist to bind the identity of the information producer to the information generated.
Mechanisms exist to retain event logs for a time period consistent with records retention requirements to provide support for after-the-fact investigations of security incidents and to meet statutory, regulatory and contractual retention requirements.
Mechanisms exist to monitor for evidence of unauthorized exfiltration or disclosure of non-public information.
Automated mechanisms exist to analyze network traffic to detect covert data exfiltration.