10.10.2 Monitoring System Use

Illustrative Controls and TIBCO LogLogic Solution

Monitoring system use requires organizations to accurately manage user access rights. It addresses the risk of unintended or malicious modification of information assets. Deficiencies in this area might allow unauthorized modifications that could lead to errors in reporting.

User access rights to systems and data should be in line with defined and documented business needs and job requirements. Organizations must monitor and verify all user access to programs and data, and review this access to ensure that all access privileges are properly assigned and approved. In addition, all logins to network devices, operating systems or platforms, databases and applications must be reviewed to ensure that only authorized and appropriate personnel have access.

To satisfy this control objective, administrators must periodically review user access to files and programs to ensure that users have not accessed items outside of their role. Administrators should select a sample of users who have logged in to reporting servers and review their access for appropriateness based upon their job functions. Administrators should also set up real-time alerts to detect any unauthorized or unapproved changes to users or groups. They should monitor account management activities, such as the addition, deletion or modification of users or groups, to ensure that all user access privileges are appropriate and approved.
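The account-management check described above, sketched as an added example (not TIBCO LogLogic code, and it does not use any LogLogic API): it parses constructed syslog lines modeled on Linux shadow-utils messages and flags user or group changes that have no matching entry in a hypothetical approved-change list.

```python
import re

# Constructed sample syslog lines, modeled on Linux shadow-utils messages.
SAMPLE_LOG = """\
Mar  3 09:14:02 rpt01 useradd[2211]: new user: name=jdoe, UID=1004, GID=1004, home=/home/jdoe, shell=/bin/bash
Mar  3 09:15:40 rpt01 usermod[2230]: add 'jdoe' to group 'finance'
Mar  3 11:02:17 rpt01 groupadd[2502]: new group: name=tmpadmins, GID=1010
Mar  3 11:02:55 rpt01 usermod[2510]: add 'svc_backup' to group 'tmpadmins'
Mar  3 16:45:09 rpt01 userdel[3144]: delete user 'contractor7'
Mar  3 16:50:31 rpt01 sshd[3150]: Accepted publickey for jdoe from 10.0.0.5 port 50022 ssh2
"""

# Hypothetical approved-change list: (action, object) pairs signed off by the
# data owner. In practice this would come from a change-management export.
APPROVED = {
    ("user_add", "jdoe"),
    ("group_member_add", "jdoe:finance"),
    ("user_delete", "contractor7"),
}

# One pattern per account-management action this sketch covers.
PATTERNS = [
    ("user_add", re.compile(r"useradd\[\d+\]: new user: name=(?P<obj>[^,\s]+)")),
    ("user_delete", re.compile(r"userdel\[\d+\]: delete user '(?P<obj>[^']+)'")),
    ("group_add", re.compile(r"groupadd\[\d+\]: new group: name=(?P<obj>[^,\s]+)")),
    ("group_member_add",
     re.compile(r"usermod\[\d+\]: add '(?P<u>[^']+)' to group '(?P<g>[^']+)'")),
]

def parse_events(log_text):
    """Return (timestamp, host, action, object) for each account-management line."""
    events = []
    for line in log_text.splitlines():
        for action, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                g = m.groupdict()
                # Membership changes are keyed as "user:group".
                obj = g.get("obj") or f"{g['u']}:{g['g']}"
                events.append((line[:15], line.split()[3], action, obj))
                break
    return events

def unapproved_changes(log_text, approved):
    """Return the events whose (action, object) pair was never approved."""
    return [e for e in parse_events(log_text) if (e[2], e[3]) not in approved]

if __name__ == "__main__":
    for ts, host, action, obj in unapproved_changes(SAMPLE_LOG, APPROVED):
        print(f"ALERT {ts} {host}: unapproved {action} -> {obj}")
```

The successful `sshd` login is ignored by this check; login review is the separate sampling step the control describes.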

Reports and Alerts

Use the following link/reference to see the 10.10.2 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.