By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
I have not seen such a guideline. One reason for retaining raw firewall logs is to preserve evidence that might later be used to prosecute a criminal intruder or otherwise to explain to a legal authority what threats a system was exposed to. For a typical enterprise, a two-year retention period would seem reasonable, provided the enterprise is unaware that the logged data might be necessary for any particular prosecution, investigation or dispute. However, I cannot state a hard two-year rule (and I never give specific legal advice in this column), because there could be exceptions. An exception might apply, for example, to an e-commerce financial institution that has a strong need to prove several years after the fact that its system was sound.
For more info on this topic, visit these SearchSecurity resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.