Logs from critical systems, applications and services provide key information and potential indicators of compromise. Although log data may not be reviewed on a daily basis, it is critical to have available from a forensics standpoint.
The purpose of this policy is to define the monitoring and logging requirements necessary to deter and detect improper behaviour, to foster user accountability, and to allow timely management of system events.
The objective of this policy is to ensure that DOOR detects all security events, including unauthorized information access, successful and failed user access, and all administrative activities on critical systems. This is to ensure that all necessary events are recorded so that improper behaviour can be monitored and detected, so that necessary actions.
All of the Organization's system components, including network infrastructure and security devices (firewalls, routers, IDS/IPS, VPN gateways, etc.), applications, databases and information systems such as servers, are subject to this policy.
All systems that handle confidential information, accept network connections, or make access control (authentication and authorization) decisions shall record and retain audit-logging information that includes the following data attributes:
At a minimum, the following types of logs are expected to be monitored:
Such logs shall identify or contain at least the following elements, directly or indirectly. In this context, "indirectly" means that the element can be unambiguously inferred from the data that is recorded.
The system shall support the formatting and storage of audit logs in a way that ensures the integrity of the logs (so that records cannot be altered or removed without detection) and that supports enterprise-level analysis and reporting, for example by using a consistent, machine-parseable record format. Note that the construction of an actual enterprise-level log management mechanism is outside the scope of this document.
The default retention period for the logs is 90 days, unless a longer retention period is required by law.
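The requirements above (recording successful and failed access and administrative activity, protecting log integrity, and applying a 90-day default retention) can be checked mechanically. The following is an added example, not part of this policy or of any DOOR system: it builds a hash-chained audit log so that any edit, removal or reordering of earlier records is detectable, flags the event classes the policy names, and lists records that have passed the retention window. The record field names, the genesis hash value and the sample events are assumptions made for the example; the policy's own attribute list is not reproduced on this page.

```python
import copy
import hashlib
import json
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 90          # policy default; longer where the law requires it
GENESIS = "0" * 64           # assumed placeholder "previous hash" for the first record
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed reference time for the sample


def _digest(entry):
    """SHA-256 over a canonical JSON encoding of every field except the hash itself."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only, hash-chained audit log. Each record stores the hash of its
    predecessor, so editing, removing or reordering an earlier record breaks verification."""

    def __init__(self):
        self.records = []
        self._prev_hash = GENESIS

    def record(self, ts, event_type, outcome, actor, source, target, action):
        # Field names are assumed for this example (who, from where, what, on which system, result).
        entry = {
            "timestamp": ts.isoformat(),   # UTC, ISO 8601
            "event_type": event_type,      # e.g. "authn", "authz", "admin", "unauthorized"
            "outcome": outcome,            # "success" or "failure"
            "actor": actor,
            "source": source,              # client address the request came from
            "target": target,              # system or resource acted on
            "action": action,
            "prev_hash": self._prev_hash,
        }
        entry["hash"] = _digest(entry)
        self.records.append(entry)
        self._prev_hash = entry["hash"]
        return entry


def verify_chain(records):
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, entry in enumerate(records):
        if entry.get("prev_hash") != prev or _digest(entry) != entry.get("hash"):
            return i
        prev = entry["hash"]
    return -1


def events_of_interest(records):
    """Records the policy requires to be detectable: failed access, administrative
    activity and unauthorized access attempts."""
    return [
        r for r in records
        if r["outcome"] == "failure" or r["event_type"] in ("admin", "unauthorized")
    ]


def beyond_retention(records, now=NOW, retention_days=RETENTION_DAYS):
    """Records older than the retention window (candidates for archival or deletion)."""
    cutoff = now - timedelta(days=retention_days)
    return [r for r in records if datetime.fromisoformat(r["timestamp"]) < cutoff]


def build_sample_log(now=NOW):
    """Constructed sample events (not real data) that straddle the retention boundary."""
    log = AuditLog()
    log.record(now - timedelta(days=120), "authn", "success", "alice", "10.0.0.5", "vpn-gw", "login")
    log.record(now - timedelta(days=3), "authn", "failure", "bob", "203.0.113.9", "vpn-gw", "login")
    log.record(now - timedelta(days=2), "admin", "success", "root", "10.0.0.2", "fw-core", "rule-change")
    log.record(now - timedelta(hours=1), "authz", "failure", "carol", "10.0.0.7", "db-prod", "read")
    return log


def tampered_copy(records, index, field, value):
    """Simulate after-the-fact editing of one stored record (what the chain is meant to catch)."""
    edited = copy.deepcopy(records)
    edited[index][field] = value
    return edited


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact (-1 = yes):", verify_chain(log.records))          # -1
    print("events of interest:", len(events_of_interest(log.records)))    # 3
    print("beyond retention:", len(beyond_retention(log.records)))        # 1
    bad = tampered_copy(log.records, 1, "outcome", "success")
    print("first bad record after tampering:", verify_chain(bad))         # 1
    print("first bad record after deletion:", verify_chain(log.records[1:]))  # 0
```

The chain catches modification, deletion or reordering of any record except truncation of the tail: dropping the newest records leaves a chain that still verifies. To cover that case the latest hash has to be kept somewhere the log writer cannot rewrite, for instance by forwarding records to a central collector as they are written or by periodically signing the current head. The retention function only identifies candidates; anything subject to a legal hold must be excluded before deletion.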
This policy will be reviewed as deemed appropriate, and no less frequently than every 12 months.
Further information and advice on this policy can be obtained from the Door Team, policies@doorfunds.com.