Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Objective: Event logs support the traceability of events in case of a security incident. This requires that events necessary to determine the causes are recorded and stored. In addition, the logging and analysis of activities in accordance with applicable legislation (e.g. Data Protection or Works Constitution Act) is required to determine which user account has made changes to IT systems.
Requirements (must): Information security requirements regarding the handling of event logs are determined and fulfilled.
Security-relevant requirements regarding the logging of activities of system administrators and users are determined and fulfilled.
The IT systems used are assessed regarding the necessity of logging.
When using external IT services, information on the monitoring options is obtained and considered in the assessment.
Event logs are checked regularly for rule violations and noticeable problems in compliance with the permissible legal and organizational provisions.
Requirements (should): A procedure for the escalation of relevant events to the responsible body (e.g. security incident report, data protection, corporate security, IT security) is defined and established.
Event logs (contents and meta data) are protected against alteration. (e.g. by a dedicated environment).
Adequate monitoring and recording of any actions on the network that are relevant to information security are established.
Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Objective: Event logs support the traceability of events in case of a security incident. This requires that events necessary to determine the causes are recorded and stored. In addition, the logging and analysis of activities in accordance with applicable legislation (e.g. Data Protection or Works Constitution Act) is required to determine which user account has made changes to IT systems.
Requirements (must): Information security requirements regarding the handling of event logs are determined and fulfilled.
Security-relevant requirements regarding the logging of activities of system administrators and users are determined and fulfilled.
The IT systems used are assessed regarding the necessity of logging.
When using external IT services, information on the monitoring options is obtained and considered in the assessment.
Event logs are checked regularly for rule violations and noticeable problems in compliance with the permissible legal and organizational provisions.
Requirements (should): A procedure for the escalation of relevant events to the responsible body (e.g. security incident report, data protection, corporate security, IT security) is defined and established.
Event logs (contents and meta data) are protected against alteration. (e.g. by a dedicated environment).
Adequate monitoring and recording of any actions on the network that are relevant to information security are established.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
