DSS05.07 Manage Vulnerabilities and Monitor the Infrastructure for Security-Related Events

Ensure that IT security is tested and monitored proactively. IT security must be reaccredited periodically to ensure the approved security level is maintained.

A logging and monitoring function enables the early detection of unusual or abnormal activities that must be addressed.

Access to the logging information is in line with business requirements in terms of access rights and retention requirements.

Illustrative Controls and the TIBCO LogLogic Solution

IT security administration must monitor and log security activity, and identify security violations to report to senior management. This control directly addresses the issues of timely detection and correction of financial data modification.

To satisfy this control, administrators must review the user access logs on a regular basis on a weekly basis for any access violations or unusual activity. Administrators must periodically, such as daily or weekly, review reports that show user access to servers related to the financial reporting process. Review of these reports must be shown to auditors to satisfy this requirement.

Monitor and log all user activities on servers and applications. Detect any unusual behavior using real-time alerts. Identify security violations to report to senior management.

Reports and Filter Bloks

Use the following link or reference to see the DSS05.07 reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.