
Designing a Log Management Policy for Tietokeskus


In order to secure information networks and ensure the integrity, availability, and confidentiality of network traffic, logs of this traffic and of network systems must be collected. Logging and log management are a key part of preventing and investigating information security breaches. Without logging, information security incident management (detecting and responding to incidents) is difficult or even impossible. A log management policy promotes the use of common rules for logging.

In a security audit conducted for Tietokeskus, an IT company, in 2022, it was found that there was room for improvement in their internal logging and log management. This thesis was conducted as part of a 2023 internal log management development project. The goal of the development project was to bring the client closer to ISO 27001 standardization, improve their information security operations in practice, and provide better tools for troubleshooting internal systems. Before starting the development project, the client did not have a written log management policy.

The aim of this thesis was to study logging, its associated standards and legislation, log management, and the use of the Elastic Stack environment for centralized log management. An important goal was to identify and plan the key areas of a log management policy. The research was conducted as an information survey and used literature from the field, guidelines from expert organizations, and Finnish and EU legislation as sources. The requirements and needs of Tietokeskus were determined in project group meetings and in discussions with the information security manager of Tietokeskus. As a result of the thesis, an internal log management policy will be created for Tietokeskus based on their needs, legislation, standards, and best practices in the industry.
