ISO 27001 Annex : A.12.4 Logging and Monitoring



The objective of ISO 27001 Annex A.12.4 Logging and Monitoring is to record events and generate evidence.

A.12.4.1  Event Logging

Control- Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed.

Implementation Guidance- Event logs should include, where relevant:

  1. user IDs;
  2. system activities;
  3. dates, times and details of key events, such as log-on and log-off;
  4. device identity or location, where possible, and the system identifier;
  5. records of successful and rejected system access attempts;
  6. records of successful and rejected data and other resource access attempts;
  7. changes to system configuration;
  8. use of privileges;
  9. use of system utilities and applications;
  10. files accessed and the kind of access;
  11. network addresses and protocols;
  12. alarms raised by the access control system;
  13. activation and de-activation of protection systems, such as anti-virus software and intrusion detection systems;
  14. records of transactions executed by users in applications.

Event logging provides the foundation for automated monitoring systems, which can generate consolidated reports and alerts on system security from the recorded events.
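As an added example (not part of the original article, and not an ISO document), the following Python script shows what "regular review" of such logs looks like when it is automated. The sample log lines are constructed here for illustration, with hypothetical hosts, users and addresses; each line carries the fields the guidance asks for (timestamp, user ID, event type, system identifier, network address and outcome). The script raises an alert for a successful log-on that follows a burst of rejected attempts from the same user and source (items 5 and 6 above) and for the de-activation of a protection system (item 13).

```python
"""Automated review of event logs: raise alerts from constructed sample records.

Added example; the log format (key=value pairs per line) and the event names
are assumptions made for this illustration, not a standard format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical users, hosts and addresses).
SAMPLE_LOG = """\
ts=2024-03-01T09:00:01Z user=alice event=logon host=srv01 src=10.0.0.5 outcome=success
ts=2024-03-01T09:00:15Z user=alice event=file_access host=srv01 src=10.0.0.5 outcome=success path=/data/report.xlsx
ts=2024-03-01T09:02:10Z user=bob event=logon host=srv01 src=10.0.0.9 outcome=failure
ts=2024-03-01T09:02:12Z user=bob event=logon host=srv01 src=10.0.0.9 outcome=failure
ts=2024-03-01T09:02:14Z user=bob event=logon host=srv01 src=10.0.0.9 outcome=failure
ts=2024-03-01T09:02:20Z user=bob event=logon host=srv01 src=10.0.0.9 outcome=success
ts=2024-03-01T09:05:00Z user=bob event=antivirus_disabled host=srv01 src=10.0.0.9 outcome=success
ts=2024-03-01T09:30:00Z user=carol event=logon host=srv02 src=10.0.0.7 outcome=failure
ts=2024-03-01T10:30:00Z user=carol event=logon host=srv02 src=10.0.0.7 outcome=success
"""

# Event names (assumed) that mean a protective mechanism was switched off.
PROTECTION_DISABLED_EVENTS = {"antivirus_disabled", "ids_disabled"}


def parse_event(line):
    """Parse one key=value log line into a dict; 'ts' becomes a datetime."""
    fields = dict(part.split("=", 1) for part in line.split())
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_alerts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return a list of alert dicts found in the log text.

    Patterns covered:
    - at least `threshold` rejected log-ons for the same user and source
      address within `window`, followed by a successful log-on;
    - any event that de-activates a protection system.
    """
    alerts = []
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    for line in log_text.splitlines():
        ev = parse_event(line)
        key = (ev["user"], ev["src"])
        if ev["event"] == "logon":
            recent = failures[key]
            # Forget failures that fall outside the sliding window.
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if ev["outcome"] == "failure":
                recent.append(ev["ts"])
            elif len(recent) >= threshold:
                alerts.append({"type": "logon_after_failures", "user": ev["user"],
                               "src": ev["src"], "host": ev["host"],
                               "failures": len(recent), "ts": ev["ts"]})
                recent.clear()
        elif ev["event"] in PROTECTION_DISABLED_EVENTS:
            alerts.append({"type": "protection_disabled", "user": ev["user"],
                           "src": ev["src"], "host": ev["host"],
                           "event": ev["event"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the script reports two alerts: bob's successful log-on after three rejected attempts within ten seconds, and bob disabling the anti-virus three minutes later. Carol's single failure an hour before her successful log-on falls outside the window and is not reported, which is the kind of threshold decision a monitoring procedure has to document.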

Other information- Event logs may contain sensitive data and personally identifiable information, so appropriate privacy protection measures should be taken.
Where possible, system administrators should not have permission to erase or de-activate logs of their own activities.


A.12.4.2  Protection of Log Information

Control- Logging facilities and log information should be protected against tampering and unauthorized access.

Implementation Guidance- Controls should aim to protect against unauthorized changes to log information and operational problems with the logging facility, including:

  1. alterations to the message types that are recorded;
  2. log files being edited or deleted;
  3. the storage capacity of the log file media being exceeded, resulting either in events not being recorded or in past events being over-written.

Some audit logs may need to be archived as part of the record retention policy or because of requirements to collect and retain evidence.

Other information- System logs often contain a large volume of information, much of which is extraneous to information security monitoring. To help identify significant events for information security monitoring, consider automatically copying the relevant message types to a second log, or using suitable system utilities or audit tools to interrogate and rationalize the log files.

System logs need to be protected because, if the data can be modified or deleted, their existence may create a false sense of security. One way to safeguard logs is to copy them in real time to a system outside the control of the system administrator or operator.
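As an added example (not part of the original article), the Python below shows one concrete way to make the protection called for in A.12.4.2 checkable. Each record is linked to the previous one by an HMAC computed over its sequence number, the previous record's MAC and the message, so that a verifier holding the key can detect an edited record, a deleted record and a broken chain; a record count last acknowledged by the verifier additionally detects records removed from the tail. The key, the message contents and the collector arrangement are assumptions made for the illustration; in practice the key would live only on the remote collector that receives the real-time copy, not on the system whose administrator the control is guarding against.

```python
"""Tamper-evident event log using an HMAC chain (added example).

Records are dicts {"seq", "prev", "msg", "mac"}. `verify_chain` is what the
remote collector (assumed to hold the key) runs over the received copy.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # 'prev' value carried by the first record


def record_mac(key, seq, prev, message):
    """HMAC-SHA256 over a canonical JSON encoding of (seq, prev, message)."""
    data = json.dumps([seq, prev, message], separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class ChainedLog:
    """Append-only log whose records are linked by HMACs."""

    def __init__(self, key):
        self.key = key
        self.records = []

    def append(self, message):
        seq = len(self.records)
        prev = self.records[-1]["mac"] if self.records else GENESIS
        rec = {"seq": seq, "prev": prev, "msg": message,
               "mac": record_mac(self.key, seq, prev, message)}
        self.records.append(rec)
        return rec


def verify_chain(records, key, expected_count=None):
    """Return (ok, reason) for a list of records.

    `expected_count` is the number of records the collector last acknowledged;
    passing it detects records deleted from the tail, which an otherwise
    unbroken chain cannot reveal on its own.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i:
            return False, f"sequence gap at record {i}"
        if rec["prev"] != prev:
            return False, f"broken link at record {i}"
        expected = record_mac(key, rec["seq"], rec["prev"], rec["msg"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return False, f"modified record {i}"
        prev = rec["mac"]
    if expected_count is not None and len(records) < expected_count:
        return False, f"truncated: {len(records)} of {expected_count} records"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demonstration with a hypothetical key and messages.
    key = b"collector-secret-key"
    log = ChainedLog(key)
    for msg in ["logon alice success", "privilege_use bob sudo", "logoff alice"]:
        log.append(msg)
    print(verify_chain(log.records, key, expected_count=3))
    tampered = [dict(r) for r in log.records]
    tampered[1]["msg"] = "privilege_use bob none"
    print(verify_chain(tampered, key))
```

The chain does not prevent an administrator from altering the local copy; it makes the alteration evident to whoever holds the key and the acknowledged count, which is why that party must be the out-of-band collector rather than the same operator. A full storage medium (item 3 of the guidance above) shows up the same way: records that were never written leave a gap against the acknowledged count, and over-written records fail the sequence or link check.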

Read More : https://info-savvy.com/iso-27001-annex-a-12-4-logging-and-monitoring/

-------------------------------------------------------------------------------------------------------------------------------------

This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

