Content library
CyberFundamentals (Belgium)
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.

How to fill the requirement

CyberFundamentals (Belgium)

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.

Task name
Priority
Status
Theme
Policy
Other requirements
Collection of log data on the use of data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

17 §: Lokitietojen kerääminen
TiHL
HAL-07.1: Seuranta ja valvonta - tietojen käyttö ja luovutukset
Julkri
TEK-12: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
Julkri
TEK-12.1: Turvallisuuteen liittyvien tapahtumien jäljitettävyys - tietojen luovutukset
Julkri
49: Tietojärjestelmien lokitietojen keräys
Sec overview
1. Task description

Viranomaisen on huolehdittava, että sen tietojärjestelmien käytöstä ja niistä tehtävistä tietojen luovutuksista kerätään tarpeelliset lokitiedot, jos tietojärjestelmän käyttö edellyttää tunnistautumista tai muuta kirjautumista. Lokitietojen käyttötarkoituksena on tietojärjestelmissä olevien tietojen käytön ja luovutuksen seuranta sekä tietojärjestelmän teknisten virheiden selvittäminen.

Digiturvamallissa tietojärjestelmän omistaja voi vastata tietojärjestelmän lokitietojen keräämisen tarkastamisesta. Organisaatio dokumentoi lokien sisällön tarkemmin niissä tietojärjestelmissä, joiden teknisestä ylläpidosta se vastaa itse. Muissa tietojärjestelmissä omistaja tarkistaa yhteistyössä järjestelmätoimittajan kanssa, että tarvittavat lokit kertyvät.

Documentation of system logs for self-maintained data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

I10: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
Katakri
12.4.1: Event logging
ISO27 Full
12.4.2: Protection of log information
ISO27 Full
6.6.1: Tietoturvan ja tietosuojan seuranta ja valvonta
Self-monitoring
CLD 12.4: Logging and monitoring
ISO 27017
1. Task description

The development of system logs must keep pace with the development of the system and enable, for example, the necessary resolution of incidents. In connection with the data system list, we describe for which systems we are responsible for the implementation of the logging. For these systems, we document:

  • which data is saved on the log
  • how long log data is retained
Clock synchronization
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

12.4.4: Clock synchronisation
ISO27 Full
8.17: Clock synchronization
ISO27k1 Full
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
CyFun
1. Task description

Synchronizing clocks between different systems allows for good interoperability, as well as easier tracking of problem situations and perception of event flows.

An organization must use a reliable source to adjust and synchronize time, at least for systems that are critical to its operations.

Data system log review
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

I10: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
Katakri
12.4.1: Event logging
ISO27 Full
12.4.3: Administrator and operator logs
ISO27 Full
PR.PT-1: Audit/log records
NIST
DE.CM-7: Monitoring for unauthorized activity
NIST
1. Task description

The organization must be aware of the logs that accrue from the use of different data systems, whether generating the logs is the responsibility of the organization or the system provider. Logs record user actions as well as anomalies, errors, and security incidents.

The adequacy of log should be reviewed regularly. If necessary, log should be usable to determine the root causes for system incidents.

Deployment and regular analysis of security system logs
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

9.1.2: Access to networks and network services
ISO27 Full
12.4.1: Event logging
ISO27 Full
PR.PT-1: Audit/log records
NIST
RS.AN-1: Notifications from detection systems
NIST
8.15: Logging
ISO27k1 Full
1. Task description

Security systems (e.g. firewall, malware protection) often have the ability to record a log of events. At regular intervals, make sure that a comprehensive log is accumulated and try to identify suspicious activity. The log is also useful in investigating disturbances or violations.

Monitoring the use of the network and information systems to identify anomalies
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

8.16: Monitoring activities
ISO27k1 Full
6.11: Alusta- ja verkkopalvelujen tietoturvallinen käyttö tietosuojan ja varautumisen kannalta
Tietoturvasuunnitelma
I-11: MONITASOINEN SUOJAAMINEN – POIKKEAMIEN HAVAINNOINTIKYKY JA TOIPUMINEN
Katakri 2020
5.2.3: Malware protection
TISAX
DE.CM-1: The network is monitored to detect potential cybersecurity events.
CyFun
1. Task description

Organization's data systems and network must be monitored to detect abnormal use. When anomalities are detected, the organization must take the necessary measures to assess the possibility of security incident.

The monitoring should utilize tools that enable real-time or regular monitoring, taking into account the organization's requirements. Monitoring practices should be able to manage large amounts of data, adapt to changing threat environment, and send alerts immediately when necessary.

Inclusion of the following sources in the monitoring system should be considered:

  • outbound and inbound network and data system traffic

    li>

  • access to critical data systems, servers, network devices and the monitoring system itself
  • critical system and network configuration files
  • logs from security tools (e.g. antivirus, IDS, IPS, network filters, firewalls)

Organization must also establish procedures for identifying and correcting "false positive" results, including tuning monitoring software for more accurate anomaly detection.

No items found.