Security logs on servers and firewalls are kept for a period of at least 6 months

Security logs allow you to keep a coherent and comprehensive record of any actions taken (who did what and when) and to ensure staff accountability. Where necessary, they can be used to analyse the history of the actions leading up to an attack.

Storing logs and making it impossible for technicians to partially delete or modify them, improves the audit and analysis of attacks. Of course generic accounts must be eliminated.