Logging & Monitoring
Network Intrusion Detection and Prevention Systems
A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and block...
Password Monitoring
There is security monitoring on organisational credentials appearing in (publicized) data-breaches. If there are indications of compromise of passwords, or risks that the credentials of individuals are compromised, passwords will...
Risk Monitoring
Event data is aggregated from multiple sources. Accepted organisational risks are monitored through defined abuse cases. Personnel security and awareness is monitored and periodically tested.
Access and authentication attempts
Authentication attempts are logged including originating IP and attempted user. Passwords are not logged. Access to the network is logged.
Mutation and Data Access Logs
Applications log access (attempts) to sensitive data. Applications log mutations of system configurations and sensitive data. Original values are recommended but not necessitated to be stored.
Logging events
Description Events potentially relevant to the security of systems are logged in a central logging system (different from the originating system) with timestamps synchronised to official timeservers in UTC. Logs...
Session and Identity monitoring
Protections are in place to detect and prevent unauthorised user activity based on context and behaviour.
Account monitoring
At least every month for all current accounts the number of lock-outs, current account status, account end-date and account-deletion date (if relevant) is reported.
Privilege account monitoring
Creation of new accounts with privileged authorisations, mutations in user groups through which privileged authorisations can be obtained and changes in passwords for non-personal privileged accounts are approved Potential abuse...