Logging & Monitoring

Network Intrusion Detection and Prevention Systems

A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and block...

Password Monitoring

There is security monitoring on organisational credentials appearing in (publicized) data-breaches. If there are indications of compromise of passwords, or risks that the credentials of individuals are compromised, passwords will...

Risk Monitoring

Event data is aggregated from multiple sources. Accepted organisational risks are monitored through defined abuse cases. Personnel security and awareness is monitored and periodically tested.

Mutation and Data Access Logs

Applications log access (attempts) to sensitive data. Applications log mutations of system configurations and sensitive data. Original values are recommended but not necessitated to be stored.

Logging events

Description Events potentially relevant to the security of systems are logged in a central logging system (different from the originating system) with timestamps synchronised to official timeservers in UTC. Logs...

Account monitoring

At least every month for all current accounts the number of lock-outs, current account status, account end-date and account-deletion date (if relevant) is reported.

Privilege account monitoring

Creation of new accounts with privileged authorisations, mutations in user groups through which privileged authorisations can be obtained and changes in passwords for non-personal privileged accounts are approved Potential abuse...