
Systems Monitoring and Auditing

Overview 

Systems monitoring and auditing at (^Company^) must be performed to determine when a failure of information system security, or a breach of the information system itself, has occurred, and to establish the details of that breach or failure.

Purpose 

System monitoring and auditing are used to determine if inappropriate actions have occurred within an information system. System monitoring looks for these actions in real time, while system auditing looks for them after the fact.

This policy applies to all information systems and information system components of (^Company^). Specifically, it includes: 

  1. Mainframes, servers, and other devices that provide centralized computing capabilities 
  2. Devices that provide centralized storage capabilities 
  3. Desktops, laptops, and other devices that provide distributed computing capabilities 
  4. Routers, switches, and other devices that provide network capabilities 
  5. Firewalls, Intrusion Detection/Prevention (IDP) sensors, and other devices that provide dedicated security capabilities

Policy Details 

Information systems will be configured to record login/logout and all administrator activities into a log file. Additionally, information systems will be configured to notify administrative personnel if inappropriate, unusual, and/or suspicious activity is noted. Inappropriate, unusual, and/or suspicious activity will be fully investigated by appropriate administrative personnel and findings reported to the VP of IT or COO. 

Information systems are to be provided with sufficient primary (on-line) storage to retain 30 days' worth of log data and sufficient secondary (off-line) storage to retain one year's worth of data. If primary storage capacity is exceeded, the information system will be configured to overwrite the oldest logs. In the event of other logging system failures, the information system will be configured to notify an administrator.

System logs shall be manually reviewed weekly. Inappropriate, unusual, and/or suspicious activity will be fully investigated by appropriate administrative personnel and findings reported to appropriate security management personnel. 

System logs are considered confidential information. As such, all access to system logs and other system audit information requires prior authorization and strict authentication. Further, access to logs or other system audit information will be captured in the logs.
