Finally, you need to assess your business applications. Whether they are internal business applications or customer-facing ones, you need to know what logging is taking place and how it can be used to tell the story of an incident.
When you've taken stock, it's likely that you'll see that your logging layers provide different perspectives on incidents. More importantly, there's a good chance that the logs aren't even stored in the same place and that they are viewed by different teams in your network operations and security operations centers.
And now that you know what you have and where it goes and who sees it, you have to figure out how you can use those multiple perspectives to build a single view of an incident. There are products that promise to help you with that, but the principle of "garbage in, garbage out"always applies. The tools are only as good as the data they receive.
The important thing is to make sure that, should you be hit by an incident, you will have the situational awareness that your executives need. For them, whether something happened at the network level or the application level is immaterial. They just want to know the business impact. They want a damage assessment and a course of action.
So in 2015, that's what you should be prepared to give them. To get there, take a critical look at your visibility and make an action list on how you can improve things. Imagine various event scenarios and determine just what sort of data you'd likely find and how useful that data will be in telling the executive team what they need to know.
Sign up for MIS Asia eNewsletters.