AI2.4 Application Security and Availability
Use identified areas of risk and organization-specific security architecture and data classification to address requirements for application availability and security.
Illustrative Controls and the TIBCO LogLogic Solution
Application security and availability controls help ensure the confidentiality, integrity, and availability of systems, applications, and data. These controls help implement the organization’s requirements for data classification, access control, and risk management.
To satisfy this objective, administrators must ensure that preventive and detective controls have been established to protect relevant applications and data. Monitoring availability-related events in application and system logs supports this control objective. Additionally, tracking and monitoring changes in authorization and access levels helps provide assurance that security controls are being implemented according to the policy.