10.10.3 Protection of Log Information

Illustrative Controls and TIBCO LogLogic Solution

Audit trails record system activity, both the activity of system and application processes and the activity of users on those systems and applications. Together with appropriate tools and procedures, audit trails help detect security violations, performance problems, and flaws in applications. An auditor can obtain valuable information about activity on a computer system from its audit trail, and audit trails improve the auditability of the system.

Organizations must maintain a complete and accurate audit trail for network devices, servers, and applications. A complete trail lets the organization identify the root cause of issues that could introduce inaccuracies into reporting. The problem management system must also provide adequate audit trail facilities so that an incident can be traced back to its underlying cause.

IT security administration must monitor and log security activity, identify security violations, and report them to senior management. This control directly addresses the requirement for audit controls over information systems and networks.

To achieve this control objective, administrators must ensure that all network devices, servers, and applications are configured to log to a centralized server. Administrators must also ensure that logs are transmitted securely and reliably over the network: plain UDP syslog (port 514) neither encrypts nor acknowledges delivery, so messages in transit can be read, forged, or silently lost. Ensure that the log management solution provides capabilities such as encrypted TCP connections for log transport (for example syslog over TLS, RFC 5425, on port 6514).

The TIBCO LogLogic® Log Management Intelligence (LMI) solution automatically records the event date and time, event status (success or failure), event origin (log source IP address), and event type (firewall connection, access or authentication, IDS, e-mail, or web access) for every event. TIBCO LogLogic then identifies all users, system components, and resources within the events to help administrators analyze the events correctly. Finally, all log data are protected by TIBCO LogLogic’s granular, permission-based authorization system and by a digital hash of all the log data, so that modification of stored logs can be detected.

Reports and Alerts

Use the following link/reference to see the 10.10.3 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.