How Much Log Data Is Enough?

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-how-much-log-data-do-you-need

You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, deputy CISO, Levis, and our guest Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies .

Thanks to our podcast sponsor, TrustMAPP

Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.

In this episode

• So, what is the sweet spot for retaining log files? 90 days? 1 year?
• Should you categorize according to business criticality?
• How do you separate the "junk" from the valuable data?