DS5.5 Security Testing, Surveillance, and Monitoring
Ensure that IT security is tested and monitored proactively. IT security should be reaccredited periodically to ensure the approved security level is maintained.
A logging and monitoring function enables the early detection of unusual or abnormal activities that must be addressed.
Access to the logging information is in line with business requirements in terms of access rights and retention requirements.
Illustrative Controls and the TIBCO LogLogic Solution
IT security administration must monitor and log security activity, and identify security violations to report to senior management. This control directly addresses the issues of timely detection and correction of financial data modification.
To satisfy this control, administrators must review the user access logs on a regular basis on a weekly basis for any access violations or unusual activity. Administrators must periodically, such as daily or weekly, review reports that show user access to servers related to financial reporting process. Review of these reports must be shown to auditors to satisfy this requirement.
Monitor and log all user activities on servers and applications. Detect any unusual behavior using real-time alerts. Identify security violations to report to senior management.