13.1.2 Reporting Security Weaknesses
Ensure that the security techniques and related management procedures are used to authorize access and control information flows from and to networks such as Intrusion Detection. The security incident management system should provide for adequate audit trail facilities that allow tracking, analyzing, and determining the root cause of all reported problems considering:
Managing problems and incidents addresses how an organization identifies documents and responds to events that fall outside of normal operations. You must maintain a complete and accurate audit trail for network devices, servers and applications. This enables you to address how your business identifies root causes of issues that may introduce inaccuracy in reporting. Also, your problem management system must provide for adequate audit trail facilities that allow tracing from incident to underlying cause.
To fulfil this requirement, administrators must periodically review IDS logs to ensure that the IDS tools are fully utilized. In addition, administrators must ensure that all network devices, servers, and applications are properly configured to log in to a centralized server. Administrators must also periodically review logging status to ensure that these devices, servers, and applications are logging correctly. By alerting on any failures that occur, administrators can respond rapidly to potential problems and incidents that might affect availability, security, or performance. Real-time data monitoring and reporting capabilities reduce time to repair after incidents, reducing costs, and improving application availability.
Reports and Alerts
Use the following link/reference to see the 13.1.2 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.