Insufficient Logging

Insufficient logging and monitoring refers to the failure to capture, retain, and alert on security-relevant events, allowing attackers to operate undetected. Critical events like failed logins, access control violations, and input validation failures should be logged with sufficient context for forensic analysis.

Without adequate logging, organizations lack the visibility needed to detect breaches, investigate incidents, and meet compliance audit requirements.