Welcome to the Wiki of Compleye Online

Logging and Monitoring Information

A complete overview of all logging and monitoring information is not mandatory, although it can be useful when setting up your ISMS. As you scale, however, it becomes increasingly difficult to keep track of all available logs and of who, or which system, is monitoring them.

If you decide to set up an overview, you can copy the template below into your environment.

In this wiki we address the security requirements related to the management of logging and monitoring.

The objectives of logging and monitoring are:

  • To allow verification of the proper functioning of IT resources.
  • To check that the relevant requirements are correctly implemented, and that the resulting security is ensured.
  • To establish any dysfunctions and analyze their causes afterwards.
  • To control and monitor the evolution of threats and vulnerabilities.
  • To detect any security anomaly or misuse that may engage the responsibility of the Company.
  • To be able to respond to any official request and to the necessary investigations.

The requirements set out in this wiki relate to the following aspects of logging and monitoring. These are examples or suggestions – you will need to make your own considerations.

1. Purposes, restrictions and validation of logging devices

The company’s information system integrates event logging to keep track of certain operations carried out in order:

  • To be able to anticipate or detect security incidents as early as possible, and to take the necessary measures to limit their occurrence or impact;
  • To feed audit trails and analyze them to understand, justify or demonstrate certain actions carried out using the company’s information system or on the resources included in it.

2. Generation of Logs

Logs generated by logging devices make it possible to:

  • Detect operating anomalies or attempted breaches of security (intrusion, identity theft, denial of service, etc.);
  • Control the compliant use of the information system resources (messaging, internet services, etc.) with the rules applied to the company;
  • Manage administration operations of information system resources and of security equipment;
  • Provide evidence to support legal action.

3. Constraints

Several constraints can be taken into consideration when implementing the logging system, especially:

  • The capacity of some information system components to generate logs;
  • The volume of logs generated;
  • The workload associated with analysis of logs.

4. Securing of Logs

Log information never contains passwords or other confidential information.

5. Content of log information

The content of log information is defined according to the nature of the events logged and the associated purposes of use. Log information should contain at least the data making it possible to:

  • Attribute the logged event (action or attempted action on the information system) to its origin (physical person, equipment and/or computer program, etc.);
  • Date the event;
  • Qualify it to understand its nature:
    • Type of operation (e.g., sending an email);
    • Significant parameters of the action (e.g., recipients of the email);
    • Result of the operation (e.g., success or failure).

The content of each log must provide the following information:

  • For logs of administration operations of the information system:
    • The administrator’s identifier
    • The address of the administrator’s workstation
    • The date/time/min and duration of the actions
    • Possible problems and causes of errors
  • For logs of exchanges with the internet:
    • The address of the sender and recipient(s)
    • The date/time/min of sending and receiving
    • The associated volume
    • The results of anti-spam and anti-virus checks
    • Possible problems and causes of errors
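As an added example (not part of this wiki or its template), the minimum record content above and the rule in section 4 that logs never hold passwords, expressed as a small Python check that builds and validates an administration-operation record; the field names, the confidential-key pattern and the sample values are assumptions:

```python
import re
from datetime import datetime, timezone

# Minimum content of every record (section 5): origin, date, nature, parameters, result.
REQUIRED_FIELDS = ("origin", "timestamp", "operation", "parameters", "result")
# Extra fields for administration-operation logs (section 5, first list).
ADMIN_FIELDS = ("admin_id", "workstation_address", "duration_seconds")
# Assumed key names denoting confidential values (section 4); extend for your own fields.
SECRET_KEY = re.compile(r"(password|passwd|secret|token|api[_-]?key)", re.IGNORECASE)
REDACTED = "[REDACTED]"


def redact_secrets(params: dict) -> dict:
    """Return a copy of the parameters with confidential-looking values masked."""
    return {k: (REDACTED if SECRET_KEY.search(k) else v) for k, v in params.items()}


def validate_record(record: dict, admin: bool = False) -> list:
    """Return the policy violations found; an empty list means the record is acceptable."""
    problems = []
    for field in REQUIRED_FIELDS + (ADMIN_FIELDS if admin else ()):
        if field not in record:
            problems.append(f"missing field: {field}")
    if record.get("result") not in ("success", "failure"):
        problems.append("result must be 'success' or 'failure'")
    try:
        datetime.fromisoformat(str(record.get("timestamp", "")))
    except ValueError:
        problems.append("timestamp is not an ISO 8601 date/time")
    for key, value in record.get("parameters", {}).items():
        if SECRET_KEY.search(key) and value != REDACTED:
            problems.append(f"confidential value logged under parameter: {key}")
    return problems


def build_admin_record(admin_id, workstation, operation, parameters, result, duration_seconds):
    """Assemble an administration-operation record, redact secrets and enforce the policy."""
    record = {
        "origin": admin_id,  # attribution: the physical person performing the action
        "admin_id": admin_id,
        "workstation_address": workstation,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "duration_seconds": duration_seconds,
        "operation": operation,
        "parameters": redact_secrets(parameters),
        "result": result,
    }
    problems = validate_record(record, admin=True)
    if problems:  # refuse to emit a record that would violate the logging policy
        raise ValueError("; ".join(problems))
    return record
```

Feed the returned dictionary to your JSON-lines or syslog writer; a record that fails validation is rejected before it reaches the log store.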
