On Operational Security Current Practices for ISPs

by Anton Chuvakin

Here is an interesting doc that aims to summarize current ISP operational security practices. It even has a neat section on logging practices:

"2.7. Logging Considerations

Although logging is part of all the previous sections, it is
important enough to be covered as a separate item. The main issues
revolve around what gets logged, how long are logs kept and what
mechanisms are used to secure the logged information while it is in
transit and while it is stored."

The weird part is that the document advocates "exception logging" rather than full audit logging of network connections. Is that because those ISPs usually have huge network pipes? Or are there legal requirements not to have discoverable data on connectivity?