Objective: To detect unauthorised information processing activities.
Within the organisation, system events should be logged and monitored. Legal, regulatory and contractual requirements must be determined, and systems monitored to ensure that they comply with them.
Systems should also be monitored to ensure the effectiveness of implemented controls and compliance with the organisational security policy.
Audit logs recording system and user activity should be recorded and maintained according to agreed retention schedules. These logs should be available for access control monitoring and investigation of suspected incidents.
Monitoring system use
System use should be monitored and regularly reviewed.
Protection of log information
Audit logs should be protected against unauthorised access or modification.
Administrator and operator logs
System administrator and operator activity should be logged.
All faults should be reported and analysed, and corrective action taken.
Computer clocks should be synchronised to an agreed time source for accurate recording.
The Security Practitioner
An Introduction to Information Security