Overview
Logging from systems, applications and organizational services provides critical information and can offer indicators of system compromise. Log data may not be reviewed on a daily basis; nonetheless, retaining it is essential from a forensics standpoint, since it is often the only record of what happened on a system.
Purpose
This document serves as a policy addressing user data logging. It identifies the requirements that systems in use must meet, thereby facilitating audit logs and their integration with the organization's central log management function. This policy will be adopted for use at X organization. In this way, X organization will ensure that new systems support logging activities, including audit and managerial functions. This document covers all production systems located in X organization.
Standard Log Requirements
All systems that handle private information, have network access or provide access control shall record and retain, for a defined period, audit logging information sufficient to answer the following questions: (i) what activity was performed? (ii) who performed the activity, and from which station? (iii) on which system was the activity performed? (iv) when was the activity performed? (v) which tool effected the activity? and (vi) what was the outcome (status) of the activity?
Log activities
Logs shall be created when the following activities are requested on the system:
Creating, reading, updating or deleting confidential information such as passwords.
Creating any other information not covered above.
Initiating or accepting a network connection.
Authentication events such as log in and log out.
Granting, modifying or revoking user privileges.
System changes.
Application start-up and shut-down.
Detection of malicious activity.
Elements of the Log Activity
The following elements shall be collected for each logged activity so that the record describes it fully:
Type of action.
Subsystem that is performing the action.
Identifier data – this may include user name, timestamp, IP address, MAC address or machine name, and other information that more precisely attributes the activity.
Identifiers of the objects acted on – these include accessed files, query parameters and other data describing the activity engaged in.
Before and after values of any data changed in the course of the activity.
The access-control decision for the activity in question (allowed or denied).
The reason for the access-control decision, for example why access was restricted.
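The six questions in the Standard Log Requirements and the elements listed above amount to a record schema. The following is an added example, not part of this policy or of any vendor's product, showing one way to build such a record and check it for completeness. The field names, the sensitive-key list and the sample events are assumptions made for illustration; note that the policy requires logging operations on passwords, so the example fingerprints rather than stores the before/after values of such fields.

```python
"""Build and validate audit records that answer the policy's what / who / where /
when / tool / status questions.  Added example; field names and sample events are
assumptions, not the organization's actual logging schema."""
import hashlib
import json

# Elements every audit record must carry (assumed field names).
REQUIRED_FIELDS = ("timestamp", "action", "subsystem", "actor", "source", "tool", "status")
# Keys whose before/after values must never be written to the log in clear (assumed list).
SENSITIVE_KEYS = {"password", "secret", "token", "api_key"}


def redact(values):
    """Replace sensitive before/after values with a truncated SHA-256 fingerprint, so the
    log still evidences that the value changed without containing the secret itself."""
    out = {}
    for key, value in values.items():
        if key.lower() in SENSITIVE_KEYS:
            digest = hashlib.sha256(str(value).encode()).hexdigest()[:12]
            out[key] = f"[REDACTED sha256:{digest}]"
        else:
            out[key] = value
    return out


def make_audit_record(timestamp, action, subsystem, actor, source, tool, status,
                      target=None, before=None, after=None,
                      access_decision=None, access_reason=None):
    """Assemble one record covering the six required questions plus the optional elements."""
    record = {
        "timestamp": timestamp,    # when
        "action": action,          # what was done
        "subsystem": subsystem,    # which component performed it
        "actor": actor,            # who (user name or service account)
        "source": source,          # from which station (IP, MAC address or host name)
        "tool": tool,              # what effected the activity
        "status": status,          # outcome: success / failure
    }
    if target is not None:
        record["target"] = target  # files accessed, query parameters, etc.
    if before is not None:
        record["before"] = redact(before)
    if after is not None:
        record["after"] = redact(after)
    if access_decision is not None:
        record["access_decision"] = access_decision
        record["access_reason"] = access_reason
    return record


def missing_fields(record):
    """Return the required elements a record lacks; an empty list means it is compliant."""
    return [f for f in REQUIRED_FIELDS if not record.get(f)]


def to_json_line(record):
    """Serialize with sorted keys so identical events always produce identical lines."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


# Constructed sample events (not real data).
PASSWORD_CHANGE = make_audit_record(
    timestamp="2024-01-15T09:30:00Z", action="update", subsystem="identity-service",
    actor="jdoe", source="10.0.0.12", tool="self-service portal", status="success",
    target="user:jdoe", before={"password": "OldP@ss1"}, after={"password": "NewP@ss2"},
)

DENIED_READ = make_audit_record(
    timestamp="2024-01-15T09:31:05Z", action="read", subsystem="hr-db",
    actor="jdoe", source="10.0.0.12", tool="sqlclient", status="failure",
    target="table:salaries", access_decision="deny",
    access_reason="actor lacks role hr-admin",
)

# A record without the outcome field, which the policy requires.
INCOMPLETE = {k: v for k, v in DENIED_READ.items() if k != "status"}

if __name__ == "__main__":
    for rec in (PASSWORD_CHANGE, DENIED_READ, INCOMPLETE):
        print(to_json_line(rec), "missing:", missing_fields(rec))
```

Running the module prints each sample record as one JSON line followed by the list of required elements it lacks; the third record is reported as missing `status`. The redaction step is the practitioner's caveat on the "confidential information such as passwords" activity: the event is logged, the secret is not.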
Log Formatting
Log formatting shall be handled by a third-party agent that ensures the integrity of the logs and supports enterprise-wide log management through analysis and reporting.
Policy Compliance
Compliance shall be verified by the Info Sec Team through methods including walk-throughs, business tool reports, audits, feedback to system owners and video monitoring. Any exception to this policy shall be approved by the Info Sec Team in writing before the exception is granted. Employees found to be in violation of this policy will be subject to disciplinary action, up to and including termination and referral to the relevant authorities.