Content library
CyberFundamentals (Belgium)
RS.AN-1: Notifications from detection systems are investigated.

How to fill the requirement

CyberFundamentals (Belgium)

RS.AN-1: Notifications from detection systems are investigated.

Task name
Priority
Status
Theme
Policy
Other requirements
Data system log review
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

I10: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
Katakri
12.4.1: Event logging
ISO27 Full
12.4.3: Administrator and operator logs
ISO27 Full
PR.PT-1: Audit/log records
NIST
DE.CM-7: Monitoring for unauthorized activity
NIST
1. Task description

The organization must be aware of the logs that accrue from the use of different data systems, whether generating the logs is the responsibility of the organization or the system provider. Logs record user actions as well as anomalies, errors, and security incidents.

The adequacy of log should be reviewed regularly. If necessary, log should be usable to determine the root causes for system incidents.

Definition and monitoring of alarm policies
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

12.4.1: Event logging
ISO27 Full
16.1.7: Collection of evidence
ISO27 Full
PR.DS-4: Availability
NIST
DE.AE-5: Incident alert thresholds
NIST
RS.AN-1: Notifications from detection systems
NIST
1. Task description

Often, security tools provide a way to set alert policies when something potentially dangerous happens in an organization's environment. For example, Microsoft 365 has built-in alert policies to alert you to abuse of administrator privileges, malware, potential internal and external risks, and data security risks.

The organization must identify security-related events in data systems and the environments in which they operate. To respond to changes related to these events, alarm policies must be created.

Alarm policies need to be actively monitored and modified based on experience.

Deployment and regular analysis of security system logs
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

9.1.2: Access to networks and network services
ISO27 Full
12.4.1: Event logging
ISO27 Full
PR.PT-1: Audit/log records
NIST
RS.AN-1: Notifications from detection systems
NIST
8.15: Logging
ISO27k1 Full
1. Task description

Security systems (e.g. firewall, malware protection) often have the ability to record a log of events. At regular intervals, make sure that a comprehensive log is accumulated and try to identify suspicious activity. The log is also useful in investigating disturbances or violations.

Automatic log data analyzation
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

12.4.1: Event logging
ISO27 Full
6.6.1: Tietoturvan ja tietosuojan seuranta ja valvonta
Self-monitoring
DE.CM-3: Personnel activity
NIST
TEK-13.1: Poikkeamien havainnointikyky ja toipuminen - poikkeamien havainnointi lokitiedoista
Julkri
8.15: Logging
ISO27k1 Full
1. Task description

System logs often contain a wealth of information, much of which is irrelevant to security monitoring. In order to identify events relevant to security monitoring, consideration should be given to automatically copying appropriate message types to another log or to using appropriate utilities or audit tools to review and resolve files.

No items found.