"Your data may have been exposed". The reason you hear this statement is to meet compliance with the Health Insurance Portability and Accountability Act (HIPAA). This law is a critical aspect of protecting sensitive patient information and identifia...
Audit logs are a critical component of enterprise systems, providing a detailed record of activities within an information system. They serve as the backbone for security monitoring, compliance, and operational analysis, making them indispensable for...
In a world where hackers are trying to brute force user accounts (23andMe breach 2023), it is vital for developers to maintain a long-lasting and tamper-proof audit log of all authentication events to keep their apps secure. While many companies use ...
In a world where hackers are trying to brute force user accounts (23andMe breach 2023) and session tokens are being stolen (Okta breach 2023) to impersonate authenticated users and run critical user actions, it is highly important for developers to...
✍ This article was written by author Ian Forrest
In a previous post, I wrote about audit logs and the compliance frameworks which rely on them. What I didn’t cover is what you need to include in your audit logs to make them useful. After many years...
✍ This article was written by author Ian Forrest
In my previous blog post, I wrote about how one might go about building a Tamperproof Logging Implementation. A good-sized chunk of that post was about how one could use Merkle Trees to verify the in...
✍ This article was written by author Ian Forrest
There are many reasons to log events — for performance tracing, to understand user behavior, or for “just in case” scenarios where something goes wrong… or it could be for compliance. In my previous ...
✍ This article was written by author Ian Forrest
Privacy and trust — two things that you can never have enough of. At the core of nearly every compliance framework is an effort to maintain privacy and increase trust. The privacy part is pretty easy...