ISO 27001 Annex : A.12.4 Logging and Monitoring

-

 


ISO 27001 Annex : A.12.4 Logging and Monitoring Its objective is recording events and generating evidence.

A.12.4.1  Event Logging

Control- Event logs should be produced, retained, and regularly reviewed to record user activities, exceptions, defects, and information security events.

Implementation Guidance- Where applicable, event logs should include:

  1. IDs of User;
  2. Activities of the system;
  3. dates, times and key events details, such as log-on and log-off;
  4. System ID or location and device recognition where possible;
  5. records of the attempts to access the system successfully as well as rejected ones
  6. successful and unsuccessful data records and other attempts to access resources;
  7. system configuration alterations;
  8. utilization of privileges;
  9. the application and use of systems utilities;
  10. Accessed files and access kinds;
  11. network addresses and protocols;
  12. Entry management system warnings.
  13. Protective mechanisms such as anti-virus and intrusion detection systems are activated and deactivated as required;
  14. Transaction records done in applications by users.

Event logging inspires automatic control systems capable of producing integrated network monitoring notifications and warnings.

Other information- Sensitive information and personally identifiable information can be used in event logs. Proper measures in the field of privacy should be implemented.
System administrators should not be allowed to delete or deactivate logs of their own activities where possible.

Related Product : ISO 27001 Lead Auditor Training And Certification ISMS

A.12.4.2  Protection of Log Information

Control-  Logging and log information should be secure from intrusion and unauthorized access.

Implementation Guidance- Controls should be designed to protect against unauthorized log information changes and operational logging problem, including the following:

  1. Alterations to the types of messages recorded;
  2. Editing or removing log files;
  3. The logfile media storage space is surpassed, which means either that an event is not registered or that the past events have been over-written.

Certain audit logs may require archiving as part of the retention of records or as a result of collecting evidence and retention requirements.

Other information- System logs also contain a large amount of information, which is largely unique to monitoring information security. The copying automatically to a second log of relevant message types or the use of suitable device utilities or auditing tools to perform file interrogations and rationalizing should be considered to help classify significant events for information security monitoring.

System logs must be protected, because data can create a false sense of security, when often modified or deleted. To safeguard logs, real-time copy of logs to a system outside the control of a system manager/operator.

Read More : https://info-savvy.com/iso-27001-annex-a-12-4-logging-and-monitoring/

-------------------------------------------------------------------------------------------------------------------------------------

This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com


Comments

  1. pritam kumar23 April 2021 at 22:54

    Thanks for given detail information to me. keep posting like this. iso-13485

    ReplyDelete

Post a Comment

Popular posts from this blog

10 Secrets You Will Never Know About Cyber Security And Its Important

-
Image
Know about Cyber Security Whether you’re a techie or not, there’s a good chance that your life is very reliant on the net and its wonders. Your social media accounts are likely humming, and you recognize your way round the IOT devices you employ . All of those devices connect you to the cyber world in a method or another. Here are 12 things to understand about  cyber security . And once you are sharing such a lot of your data online daily, you may also care about your cyber security.  If you’ve always thought cyber security are a few things only big companies got to care about change your mind, now. Cyber security is as critical on a private level, because it is on a company’s level. Besides, there’s hardly any job or profession, that’s not supported technology. With  jobs or a career in mind , you need to understand what threatens your security online and what you’ll be able to do to stay your data secure. 1  You’re a target to hackers Don’t ever say...
Read more

What is Penetration testing ?

-
Image
Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit. Penetration test (or "pen-testing") exposes the gaps in the security model of an organization and helps organizations reach a balance between technical prowess and business functionality from the perspective of potential security breaches. This can help in disaster recovery and business continuity planning. It simulates methods used by intruders to gain unauthorized access to an organization's networked systems and then compromise them and involves using proprietary and open-source tools to conduct the test. Apart from automated techniques, penetration testing involves manual techniques for conducting targeted testing on specific systems to ensure that there are no security flaws that previously might have gone undetected. In the context of penetration testing, the tester is limited by resource...
Read more

Types of Vulnerability Assessment

-
Image
Given below are the different types of vulnerability assessments:   Active Assessment Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.   Passive Assessment Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are a recently using the network. External Assessment External assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security atta...
Read more