Module 5
Network Security
Unit 5
Logging, Forensics and Future Trends
Learning Outcomes
- Specify a logging configuration for Windows/Linux.
- Select and utilise forensic tools.
- Analyse the results of log and forensic analysis tools.
Collaborative Discussion 2: The Pros and cons of logging – The impact of log4j
- The discussion started in the previous unit was continued. Link to the discussion forum: here
e-Portfolio Activity: Case Study: Reviewing an Assessment Reporting Template
You are tasked with reviewing the assessment template from PurpleSec.
Response:
1. Does this template meet the NCSC-stated requirement of preparing a baseline to use as a reference point for pen tests? If not, what changes/amendments would you make?
- The report offers a technical snapshot but doesn’t fully meet NCSC UK's definition of a baseline. It lacks explicit intent to establish a baseline and omits mapping vulnerabilities to critical business assets. To comply, it should state its baseline purpose and better support ongoing security testing and organisational risk assessments.
2. What are the two best lessons/examples presented in the report?
- I liked how the risk assessment is organised clearly based on the severity of vulnerabilities—critical, high, medium, and low—which makes it easy to prioritise issues. I also appreciated how remediation steps are listed in a structured manner, showing what specific actions should be taken to address each vulnerability.
3. What two things do you think are unnecessary or could be done more effectively?
- The detailed patch list is excessive; grouping by platform or risk category would be more digestible. Additionally, the report lacks business impact analysis—tying vulnerabilities to potential service disruption or regulatory consequences would make it more useful for senior stakeholders, as encouraged by NCSC UK.
Reflection
- I completed the Unit 5 activities ahead of schedule. My aim was to ensure sufficient time for the Unit 6 assessment, as I prefer to avoid last-minute efforts.