Academic year: 2021

(1)

Log management and ISO 27001

Rakesh Maheshwari
STQC Directorate
Department of Information Technology
Ministry of Communications & IT
[email protected]

(2)

Log management

Log management is the process of generating, analyzing, and storing logs.

Organizations that develop best practices in log management will get timely analysis of their security profile for security operations, ensure that logs are kept in sufficient detail for the appropriate period of time to meet audit and compliance requirements, and have reliable evidence for use in investigations.

(3)

Why should we discuss ISO 27001

 Reference: IT Act Notification dated 11th April, 2011

 G.S.R. 313(E): Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

 Para 8 deals with “Reasonable Security Practices and Procedures” and states that if an organisation has implemented such security practices and standards and has a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures commensurate with the information assets being protected and with the nature of the business, then this organisation in a way complies with reasonable security practices and procedures. In the event of an information security breach, the organisation shall be required to demonstrate that it has implemented security control measures as per its documented information security programme and information security policies.

 It further states that IS/ISO/IEC 27001 is one such standard.

(4)

ISO/IEC 27001:2005

A specification (specifies requirements for implementing, operating, monitoring, reviewing, maintaining & improving a documented ISMS)

Specifies the requirements for implementing security controls, customised to the needs of the individual organisation or part thereof.

Used as a basis for certification

ISO 27001 and Log Management

(5)

ISO 27001 requirements

Requirements contained in the ISMS framework (Sections 4-8)

ISMS control requirements (Annexure A)

(6)

ISMS control requirements - Annexure A : Control objectives & controls

A.5 Security Policy
A.6 Organization of Information Security
A.7 Asset Management
A.8 Human Resources Security
A.9 Physical & environmental security
A.10 Communications & operations management
A.11 Access control
A.12 Info. Systems Acquisition, development & maintenance
A.13 Information Security Incident Management
A.14 Business Continuity Management
A.15 Compliance

Ver 1.0

(7)

ISMS process framework requirements : Clause 4-8

4. Information Security Management System
   4.2 Establishing and managing the ISMS
   4.3 Documentation requirements
       Document Control
       Record Control
5. Management Responsibility
6. Internal ISMS Audits
7. Management Review of the ISMS
8. ISMS Improvements

(Figure: the clauses arranged on the Plan, Do, Check, Act cycle)

(8)

Log management Requirements as

(9)

Communications and Operations

ISO/IEC 27001:2005

Comments

Full Control Objective dedicated to logs.

(10)

Communications and Operations Mgmt

ISO/IEC 27001:2005

Comments

The objective of this control is to ensure the correct and secure operation of information processing facilities.

A.10.1.3: The doer and the approver will be different people. A centralised syslog service is recommended.

(11)

Communications and Operations Mgmt

ISO/IEC 27001:2005

Comments

System planning and acceptance reduces the risk of system failure.

(12)

Communications and Operations Mgmt

ISO/IEC 27001:2005

Comments

Logs of detected viruses and outbreak incidents provide sufficient information about the effectiveness of the antivirus on systems and on the email gateway.

(13)

Human Resource Security

ISO/IEC 27001:2005

(14)

Physical and Environmental Security

ISO/IEC 27001:2005

(15)

Access Control

ISO/IEC 27001:2005

Comments

Verification of user creation, granting of rights and removal of rights from logs.
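The verification the slide describes is a reconciliation: every account creation, rights grant, rights removal and deletion seen in the logs should map to an approved change, and anything left over is what the reviewer looks at. The following Python is an added example, not part of the presentation; the syslog lines, the `APPROVED` change register and the ticket numbers are all constructed for illustration (the line formats follow the style of shadow-utils messages but are sample data, not captured logs).

```python
import re
from collections import namedtuple

# Constructed sample auth-log lines (shadow-utils style), not captured data.
SAMPLE_LOG = """\
Jan 12 09:14:02 app01 useradd[2211]: new user: name=jdoe, UID=1004, GID=1004, home=/home/jdoe, shell=/bin/bash
Jan 12 09:14:30 app01 usermod[2220]: add 'jdoe' to group 'sudo'
Jan 12 10:05:17 app01 sshd[2401]: Accepted publickey for jdoe from 10.0.0.5 port 51234 ssh2
Jan 12 18:02:11 app01 userdel[3300]: delete user 'tmpuser'
Jan 13 08:00:00 app01 gpasswd[3410]: user bsmith removed by root from group sudo
Jan 13 23:41:09 app01 useradd[3999]: new user: name=svc_backup2, UID=1005, GID=1005, home=/home/svc_backup2, shell=/bin/bash
"""

# Hypothetical register of approved changes: ticket -> (action, user).
APPROVED = {
    "CHG-1001": ("create", "jdoe"),
    "CHG-1002": ("grant", "jdoe"),
    "CHG-1003": ("delete", "tmpuser"),
    "CHG-1004": ("revoke", "bsmith"),
}

Event = namedtuple("Event", "ts host action user detail")

# Syslog header: timestamp, host, then the program message.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# One pattern per account-lifecycle action we want to verify.
PATTERNS = [
    ("create", re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)")),
    ("grant",  re.compile(r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<detail>[^']+)'")),
    ("delete", re.compile(r"userdel\[\d+\]: delete user '(?P<user>[^']+)'")),
    ("revoke", re.compile(r"gpasswd\[\d+\]: user (?P<user>\S+) removed by \S+ from group (?P<detail>\S+)")),
]


def parse_events(text):
    """Extract create/grant/delete/revoke events; unrelated lines are ignored."""
    events = []
    for line in text.splitlines():
        head = LINE_RE.match(line)
        if not head:
            continue
        for action, pat in PATTERNS:
            m = pat.search(head.group("msg"))
            if m:
                events.append(Event(head.group("ts"), head.group("host"), action,
                                    m.group("user"), m.groupdict().get("detail", "")))
                break
    return events


def reconcile(events, approved):
    """Consume one approval per matching event; return (matched, unapproved)."""
    open_approvals = dict(approved)
    matched, unapproved = [], []
    for ev in events:
        ticket = next((t for t, (a, u) in open_approvals.items()
                       if (a, u) == (ev.action, ev.user)), None)
        if ticket:
            del open_approvals[ticket]
            matched.append((ticket, ev))
        else:
            unapproved.append(ev)
    return matched, unapproved


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    ok, review = reconcile(evs, APPROVED)
    for ticket, ev in ok:
        print(f"{ticket}: {ev.action} {ev.user} on {ev.host} at {ev.ts}")
    for ev in review:
        print(f"NO APPROVAL: {ev.action} {ev.user} on {ev.host} at {ev.ts} {ev.detail}")
```

On the sample data the late-night creation of `svc_backup2` is the only event without a ticket and is what the review should surface; the successful SSH login is deliberately ignored because it is not an account-lifecycle change. In practice the approval register comes from the change-management system and the log text from the centralised syslog server the earlier slide recommends.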

(16)

Incident management

ISO/IEC 27001:2005

Comments

Information obtained from analysis of various logs provides information about security events and weaknesses.

(17)

Incident management

ISO/IEC 27001:2005

Comments

Recording of incidents by analyzing the logs.

(18)

Compliance

ISO/IEC 27001:2005

(19)

Clause: Framework Part

ISO/IEC 27001:2005

Comments

Measurement of effectiveness of controls: e.g. to check the effectiveness of the IPS, the logs of the webserver can be examined; they will provide information about the effectiveness of the IPS.


(24)

Information Lifecycle and Log Management

Information Life Cycle

Information can be:
Created, Stored, Destroyed?
Processed, Transmitted, Copied
Used (for proper and improper purposes)
Lost! Corrupted!

(25)

Log Management Policies, Procedures and Technology

Policies provide management direction for the log management activities and should clearly define mandatory requirements for log generation, analysis, retention and storage, and security. They should be created in conjunction with a plan for the procedures and technology that are needed to implement and maintain the policies.

A comprehensive set of best practices in log management includes the following categories:

– Log management policy, procedures and technology
– Log generation
– Log retention and storage
– Log analysis
– Log protection and security
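The last two categories, retention and protection, are where logs become evidence: a retained log is only useful in an investigation if it can be shown that nothing was altered or silently removed after the fact. A common technique is to chain each stored record to its predecessor with a keyed hash, so that editing or deleting an entry breaks every link after it. The following Python is an added example, not from the presentation; the records and the key are constructed, and the design assumes the key is held only by the log collector, not by the hosts that emit the logs.

```python
import copy
import hashlib
import hmac

# Constructed key, assumed to live only on the central log collector.
CHAIN_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64  # tag that precedes the first record

# Constructed sample records, not captured logs.
SAMPLE_RECORDS = [
    "Jan 12 09:14:02 app01 useradd[2211]: new user: name=jdoe, UID=1004, GID=1004",
    "Jan 12 09:14:30 app01 usermod[2220]: add 'jdoe' to group 'sudo'",
    "Jan 12 18:02:11 app01 userdel[3300]: delete user 'tmpuser'",
    "Jan 13 08:00:00 app01 gpasswd[3410]: user bsmith removed by root from group sudo",
]


def _link(prev_tag, record):
    """HMAC over the previous tag and this record: the chain link."""
    payload = prev_tag.encode() + b"\n" + record.encode()
    return hmac.new(CHAIN_KEY, payload, hashlib.sha256).hexdigest()


def append_record(chain, record):
    """Append one record, binding it to the current chain head."""
    prev = chain[-1]["tag"] if chain else GENESIS
    entry = {"seq": len(chain), "record": record, "tag": _link(prev, record)}
    chain.append(entry)
    return entry


def verify_chain(chain):
    """Return the index of the first bad entry, or -1 if every link holds."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = _link(prev, entry["record"])
        if entry["seq"] != i or not hmac.compare_digest(entry["tag"], expected):
            return i
        prev = entry["tag"]
    return -1


def latest_tag(chain):
    """Head tag to record out of band (e.g. in the daily retention register).

    A chain that is simply cut short still verifies, so the head tag must be
    anchored somewhere the log server cannot rewrite.
    """
    return chain[-1]["tag"] if chain else GENESIS


def build_chain(records):
    chain = []
    for r in records:
        append_record(chain, r)
    return chain


if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    print("intact:", verify_chain(chain) == -1, "head:", latest_tag(chain)[:16])

    edited = copy.deepcopy(chain)
    edited[1]["record"] = edited[1]["record"].replace("sudo", "staff")
    print("edited entry detected at index", verify_chain(edited))

    removed = chain[:1] + chain[2:]
    print("deleted entry detected at index", verify_chain(removed))
```

Editing a record changes its tag and every tag after it, and deleting one leaves a sequence gap, so both are caught on the next verification pass. Truncating the tail is the one change the chain alone cannot see, which is why `latest_tag` exists: the head tag should be written to a separate store (or to the next day's archive) at the end of each retention period.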

(26)

The Need for Best Practices in Log Management

Businesses face a number of challenges that make best practices in log management an essential part of an overall enterprise IT security strategy:

The huge number and variety of systems generating logs
The volume of logged data
The changing threat landscape
The more stringent regulatory requirements
The increasing number of stakeholders
The uncertainties of future regulatory and legal issues

(27)

Why do Logs Matter for Security and Compliance?

Without sufficient collection, regular review and long-term retention of logs, your organization will not be in compliance with regulations, nor able to properly protect its information assets. Logs provide a way to monitor your systems and keep a record of security events, information access and user activities.

In some cases, event logging may have to be barred for privacy reasons.

(28)

Summary

ISO 27001 implementation requires well-conceived log management policies, procedures and technology.

Most of the controls and framework requirements require proper log management.

Control through logs is predominantly a detective and a deterrent control.

Well planned and executed log management can help in effective implementation of the ISMS.

(29)
