Monitoring

Objective: To detect unauthorised information processing activities.

Within the organisation, system events should be logged and monitored. Legal, regulatory and contractual requirements must be determined and systems monitored to ensure that they comply with them. Systems should also be monitored to ensure the effectiveness of implemented controls and compliance with the organisational security policy.

Audit logging
Audit logs recording system and user activity should be recorded and maintained according to agreed retention schedules. These logs should be available for access control monitoring and investigation of suspected incidents.

Monitoring system use
System use should be monitored and regularly reviewed.

Protection of log information
Audit logs should be protected against unauthorised access or modification.

Administrator and operator logs
System administrator and operator activity should be logged.

Fault logging
All faults should be reported, analysed and corrective action taken.

Clock synchronisation
Computer clocks should be synchronised for accurate recording to an agreed time source.
The Security Practitioner An Introduction to Information Security