Description:
Organizations maintain a comprehensive approach to information security by implementing procedures for the regular review of records of information system activity. This includes thorough examination of audit logs, access reports, and security incident tracking reports. Regular review of these records is essential for identifying anomalies, detecting potential security incidents, and verifying compliance with established security policies and regulatory requirements.
Implementing these procedures keeps the organization in a proactive monitoring posture rather than a reactive one. By reviewing records on a regular schedule, organizations improve their ability to detect and respond to security incidents promptly, prevent unauthorized access, and continuously improve their overall security posture.
Priority: High
Category: Security and Risk Management
Services Associated with AWS:
- AWS CloudWatch for log monitoring
- AWS CloudTrail for auditing AWS resources
- AWS Identity and Access Management (IAM) for access control
Services Associated with Azure:
- Azure Monitor for log analytics
- Azure Activity Log for auditing Azure resources
- Azure Active Directory for access control
Objective Evidence:
- Administrative: Documented procedures for the regular review of audit logs, access reports, and security incident tracking reports.
- Technical: Screenshots or documentation showcasing the use of automated tools for audit log collection and analysis.
- Technical: Records of regular access report reviews, including actions taken in response to identified issues.
- Administrative: Reports summarizing the findings and outcomes of security incident tracking reports.
Possible Technology Considerations:
- Security Information and Event Management (SIEM) Systems
- Access Monitoring Solutions
- Incident Tracking and Reporting Tools
- Log Analysis and Visualization Tools
What Needs to Be Answered:
- Effectiveness of Log Review Procedures
- Timeliness of Incident Detection
- Accuracy of Access Reports
- Incident Response Improvement