Logging & Monitoring

Network Intrusion Detection and Prevention Systems

Description: A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and...

Password Monitoring

Description: There is security monitoring for organisational credentials appearing in (publicized) data breaches. If there are indications of compromise of passwords, or risks that the credentials of individuals are compromised, passwords...

Risk Monitoring

Description: Event data is aggregated from multiple sources. Accepted organisational risks are monitored through defined abuse cases. Personnel security and awareness is monitored and periodically tested. Specification: Tooling is available...

Access and authentication attempts

Description: Authentication attempts are logged including originating IP and attempted user. Passwords are not logged. Access to the network is logged. Specification: AD Security audit log central policy enabled. Network...

Mutation and Data Access Logs

Description: Applications log access (attempts) to sensitive data. Applications log mutations of system configurations and sensitive data. Storing the original values is recommended but not required. Specification: Mutation and...

Logging events

Description: Events potentially relevant to the security of systems are logged in a central logging system (different from the originating system) with timestamps synchronised to official timeservers in UTC. Logs...

Session and Identity monitoring

Description: Protections are in place to detect and prevent unauthorised user activity based on context and behaviour. Specification: The Risky Logins report is frequently monitored and checked.

Account monitoring

Description: At least every month, the number of lock-outs, current account status, account end-date and account-deletion date (if relevant) are reported for all current accounts. Specification: Report account monitoring is...

Privilege account monitoring

Description: Creation of new accounts with privileged authorisations, mutations in user groups through which privileged authorisations can be obtained, and changes in passwords for non-personal privileged accounts are approved. Potential...