Anton Chuvakin throws down a doozy in discussing “Reverse Compliance or ‘Logs as Proof of Incompetence?'” Granted, he was inspired elsewhere, but he’s the first I read on this.
What if you keep so few logs that no one can prove you’ve been negligent beyond just not keeping logs? What if so few logs are kept, you don’t even need to know you’ve been hacked 2 years ago? We don’t know where these White House emails have gone, it must be our incompetence. Slap our wrists and let’s please move on…