| Consider adding logging and monitoring capabilities for your app. A security log could include: | |
| * Authentication and authorization events | |
| * Service configuration changes | |
| * Object reads and writes | |
| * User and group permission changes | |
| * Elevation of role to admin | |
| Your logs should use consistent timestamping for each event and should record the users, IP addresses, or hostnames for all logged events. | |