# Logs and Telemetry as Sensitive Data

One-sentence definition: Treating operational logs/metrics/traces as data assets that may contain secrets or PII.

## Key Facts

- Scrub/redact PII and secrets at source; avoid verbose prod logs.
- Secure transport (TLS) and storage (encryption, access controls).
- Retention and legal holds apply; minimize exposure in SIEM.
- Segregate duties; audit access by analysts.
- Tokenize identifiers for analysis where possible.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Identify risk of exposing PII via logs and the right mitigation.

**Mnemonic:** “**Look**, don’t **leak**.”

## Mini Scenario

Q: Passwords appear in logs—what fix?

A: Input filtering; never log secrets; rotate exposed creds.

## Revision Checklist

- Name 3 controls for log data.
- Define tokenization use in analytics.
- Tie logs to retention/holds.

## Related

[[Data Loss Prevention (DLP)]] · [[Data Catalogs and Metadata Management]] · [[eDiscovery and Data Retention]] · [[Secrets in CI CD and Infrastructure as Code]] · [[API Keys and Application Secrets Handling]] · [[Domain 2 - Index]]