15.3.2 Protection of Information System Audit Tools

Illustrative Controls and TIBCO LogLogic Solution

A logging and monitoring function enables the early detection of unusual or abnormal activities that might have to be addressed. Administrators must ensure that IT security implementation is tested and monitored proactively. IT security should be reaccredited periodically to ensure that the approved security level is maintained.

Access to the logging information is in line with business requirements in terms of access rights and retention requirements. IT security administration must monitor and log security activity, and identify security violations to report to senior management. This control directly addresses the issues of timely detection and correction of data modification.

To fulfil this requirement, administrators must review the user access logs regularly, on a weekly basis, for any access violations or unusual activity. Administrators must periodically, such as daily or weekly, review reports that show user access to servers related to the ISO process. The review of these reports must be shown to the auditors to meet this requirement.

In addition, administrators must ensure that all relevant log sources are logging properly to a centralized log management system. TIBCO LogLogic’s solution is developed from the ground up to be a regulatory compliance solution. All log messages, once received by the appliances, are transferred through TCP to ensure reliability. All log files stored on the ST appliances have a separate MD5 signature, stored away from the file, to ensure that no files are tampered with.
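
The detached-digest check described above, shown as an added example; it is not TIBCO LogLogic code and does not reflect how the appliance implements it. The manifest format, directory layout and function names are assumptions, and the sample log files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# MD5 is used only because the page names it; hashlib.sha256 is the usual choice today.
def md5_of(path, chunk=65536):
    """Stream the file so large log archives are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def write_manifest(log_dir, manifest):
    """Record one 'digest  filename' line per log file, in a file outside log_dir."""
    lines = [f"{md5_of(p)}  {p.name}" for p in sorted(Path(log_dir).iterdir())]
    Path(manifest).write_text("\n".join(lines) + "\n")

def verify(log_dir, manifest):
    """Return {filename: status} covering modified, missing and unlisted files."""
    expected = {}
    for line in Path(manifest).read_text().splitlines():
        digest, name = line.split("  ", 1)
        expected[name] = digest
    present = {p.name for p in Path(log_dir).iterdir()}
    findings = {}
    for name, digest in expected.items():
        if name not in present:
            findings[name] = "missing"
        elif md5_of(Path(log_dir) / name) != digest:
            findings[name] = "modified"
    for name in present - set(expected):
        findings[name] = "unlisted"
    return findings

def demo():
    """Constructed sample data: store logs, then edit one, delete one, add one."""
    with tempfile.TemporaryDirectory() as logs, tempfile.TemporaryDirectory() as sigs:
        logs, manifest = Path(logs), Path(sigs) / "manifest.md5"
        (logs / "auth.log").write_text("user=alice action=login\n")
        (logs / "sudo.log").write_text("user=bob cmd=/bin/ls\n")
        (logs / "app.log").write_text("service started\n")
        write_manifest(logs, manifest)
        clean = verify(logs, manifest)
        (logs / "auth.log").write_text("user=carol action=login\n")
        (logs / "sudo.log").unlink()
        (logs / "extra.log").write_text("")
        return clean, verify(logs, manifest)
```

An unkeyed digest only detects tampering while the manifest itself stays out of reach of whoever can modify the logs, which is why it is kept in a separate location.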

Reports and Alerts

Use the following link/reference to see the 15.3.2 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.