Sample Auditing Standard:: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
== | ==Sample Auditing Standard== | ||
The Auditing Standard builds on the objectives established in the [[Sample Asset Protection Policy:|'''Sample Asset Protection Standard''']], and provides specific auditing and logging requirements including activation, protection, retention, and storage. | |||
| | |||
== | ==Objectives== | ||
# '''General''' | |||
## The Company shall employ a centralized audit-logging scheme such that audit logs are securely written to a centralized log system. | |||
## The centralized log system shall provide a mechanism for archiving audit logs in accordance with applicable legal and regulatory requirements. | |||
## All Company servers, network devices, and multi-user systems shall receive time synchronization from a dedicated, central Company time source. | |||
## Authorized personnel shall review audit logs to detect indications of, or patterns associated with malicious activity and take appropriate action or respond in accordance with the [[Sample_Threat_Monitoring_Standard:|'''Threat Monitoring Standard''']] and [[Sample_Incident_Response_Standard:|'''Incident Response Standard''']]. | |||
# '''Activation''' | |||
## Auditing shall be enabled on all Company servers, network devices, and multi-user systems. | |||
## Security changes, significant activity, and high-risk functions must be recorded. | |||
## Audit records shall be generated for successful and/or failed attempts to: | |||
### Log on or log off to the system | |||
### Change User and Group Accounts | |||
### Startup and shutdown the system | |||
### Change security policy or configuration settings | |||
### Backup or restore data | |||
### Access sensitive information | |||
## Audit records should include who, what, when and from where the recorded event or activity occurred. | |||
# '''Protection''' | |||
## Audit logs and records shall be protected to prevent deletion or alteration from unauthorized users. | |||
## Access to the audit logs, audit records, and audit configuration settings shall be restricted to privileged accounts. | |||
# '''Retention and Storage''' | |||
## Audit logs must be stored on an alternate media prior to re-initialization. | |||
## Each system will provide sufficient storage to ensure logs will not be overwritten during normal operating conditions and situations that generate logging activity 300% greater than normal system operating scenarios. | |||
### Audit logs must be retained on-line for a time period defined by the Document Retention Schedule or otherwise defined by legal requirements which currently is thirteen (13) months. | |||
### Security-related audit logs should be archived on read-only media, if possible, then secured and retained according to applicable legal and regulatory requirements. | |||
<br> | <br> | ||
== | ==Document Examples== | ||
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br> | |||
The | |||
<br> | <br> | ||
<gallery> | |||
Image:Auditing Standard.png|Auditing Standard page one of seven. | |||
Image:Auditing Standard(1).png|Auditing Standard page two of seven. | |||
Image:Auditing Standard(2).png|Auditing Standard page three of seven. | |||
Image:Auditing Standard(3).png|Auditing Standard page four of seven. | |||
Image:Auditing Standard(4).png|Auditing Standard page five of seven. | |||
Image:Auditing Standard(5).png|Auditing Standard page six of seven. | |||
Image:Auditing Standard(6).png|Auditing Standard page seven of seven. | |||
</gallery> |
Latest revision as of 20:12, 15 January 2014
Sample Auditing Standard
The Auditing Standard builds on the objectives established in the Sample Asset Protection Standard, and provides specific auditing and logging requirements including activation, protection, retention, and storage.
Objectives
- General
- The Company shall employ a centralized audit-logging scheme such that audit logs are securely written to a centralized log system.
- The centralized log system shall provide a mechanism for archiving audit logs in accordance with applicable legal and regulatory requirements.
- All Company servers, network devices, and multi-user systems shall receive time synchronization from a dedicated, central Company time source.
- Authorized personnel shall review audit logs to detect indications of, or patterns associated with malicious activity and take appropriate action or respond in accordance with the Threat Monitoring Standard and Incident Response Standard.
- Activation
- Auditing shall be enabled on all Company servers, network devices, and multi-user systems.
- Security changes, significant activity, and high-risk functions must be recorded.
- Audit records shall be generated for successful and/or failed attempts to:
- Log on or log off to the system
- Change User and Group Accounts
- Startup and shutdown the system
- Change security policy or configuration settings
- Backup or restore data
- Access sensitive information
- Audit records should include who, what, when and from where the recorded event or activity occurred.
- Protection
- Audit logs and records shall be protected to prevent deletion or alteration from unauthorized users.
- Access to the audit logs, audit records, and audit configuration settings shall be restricted to privileged accounts.
- Retention and Storage
- Audit logs must be stored on an alternate media prior to re-initialization.
- Each system will provide sufficient storage to ensure logs will not be overwritten during normal operating conditions and situations that generate logging activity 300% greater than normal system operating scenarios.
- Audit logs must be retained on-line for a time period defined by the Document Retention Schedule or otherwise defined by legal requirements which currently is thirteen (13) months.
- Security-related audit logs should be archived on read-only media, if possible, then secured and retained according to applicable legal and regulatory requirements.
Document Examples
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.
-
Auditing Standard page one of seven.
-
Auditing Standard page two of seven.
-
Auditing Standard page three of seven.
-
Auditing Standard page four of seven.
-
Auditing Standard page five of seven.
-
Auditing Standard page six of seven.
-
Auditing Standard page seven of seven.