Log management
Log management is the process of generating, analyzing, and storing logs.
Organizations which develop best practices in log management will get timely analysis of their security profile for security operations, ensure that logs are kept in sufficient detail for the appropriate period of time to meet audit and compliance requirements, and have reliable evidence for use in investigations.
ISO 27001 and Log Management (Ver 1.0)
Why should we discuss ISO 27001?
Reference: IT Act Notification dated 11th April, 2011, G.S.R. 313(E): Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
Para 8 deals with "Reasonable Security Practices and Procedures" and states that if an organisation has implemented such security practices and standards, and has a comprehensive documented information security programme and information security policies containing managerial, technical, operational and physical security control measures commensurate with the information assets being protected and the nature of the business, then that organisation in effect complies with reasonable security practices and procedures. In the event of an information security breach, the organisation shall be required to demonstrate that it has implemented security control measures as per its documented information security programme and information security policies.
It further states that IS/ISO/IEC 27001 is one such standard.
ISO/IEC 27001:2005
– A specification: it specifies requirements for implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS.
– Specifies the requirements for implementing security controls, customised to the needs of the individual organisation or part thereof.
– Used as a basis for certification.
ISO 27001 requirements
Requirements contained in the ISMS framework (Sections 4-8)
ISMS control requirements (Annexure A)
ISMS control requirements – Annexure A: Control objectives & controls
A.5 Security Policy
A.6 Organization of Information Security
A.7 Asset Management
A.8 Human Resources Security
A.9 Physical & Environmental Security
A.10 Communications & Operations Management
A.11 Access Control
A.12 Information Systems Acquisition, Development & Maintenance
A.13 Information Security Incident Management
A.14 Business Continuity Management
A.15 Compliance
ISMS process framework requirements: Clauses 4-8
4. Information Security Management System
– 4.2 Establishing and managing the ISMS (Plan, Do, Check, Act)
– 4.3 Documentation requirements
• Document Control
• Record Control
5. Management Responsibility
6. Internal ISMS Audits
7. Management Review of the ISMS
8. ISMS Improvements
Communications and Operations Management (ISO/IEC 27001:2005)
Comments: Full control objective dedicated to logs.
Communications and Operations Management (ISO/IEC 27001:2005)
Comments: The objective of this control is to ensure the correct and secure operation of information processing facilities. A.10.1.3 (segregation of duties): the doer and the approver will be different. Centralised syslog services are recommended.
Communications and Operations Management (ISO/IEC 27001:2005)
Comments: System planning and acceptance reduces the risk of system failure.
Communications and Operations Management (ISO/IEC 27001:2005)
Comments: Logs of detected viruses and outbreak incidents provide sufficient information about the effectiveness of the antivirus on systems and the email gateway.
Access Control (ISO/IEC 27001:2005)
Comments: Verification of user creation, granting of rights and removal of rights from logs.
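One way to pull that evidence out of logs, as an added example that is not part of the slides: a Python script that parses constructed auth.log-style lines (modelled on the messages the Linux shadow-utils tools useradd, usermod, userdel and gpasswd write) into user creation, rights grant, rights removal and deletion events, and lists privileged-group grants that were never revoked. The sample lines and the privileged-group list are assumptions.

```python
import re

# Constructed sample lines modelled on shadow-utils auth.log messages; not from the slides.
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 app01 useradd[2201]: new user: name=alice, UID=1001, GID=1001, home=/home/alice, shell=/bin/bash, from=/dev/pts/0
Mar  3 09:12:30 app01 usermod[2210]: add 'alice' to group 'sudo'
Mar  3 09:12:30 app01 usermod[2210]: add 'alice' to shadow group 'sudo'
Mar  4 17:40:12 app01 useradd[3310]: new user: name=bob, UID=1002, GID=1002, home=/home/bob, shell=/bin/bash, from=/dev/pts/1
Mar  5 08:05:44 app01 gpasswd[3390]: user alice removed by root from group sudo
Mar  6 12:00:09 app01 userdel[4102]: delete user 'bob'
Mar  7 10:15:00 app01 usermod[4500]: add 'carol' to group 'wheel'
"""

PRIVILEGED_GROUPS = {"sudo", "wheel", "adm"}  # assumption: site-specific list

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tool>\w+)\[\d+\]: (?P<msg>.*)$")
# usermod's 'shadow group' variant is deliberately not matched, so each grant is recorded once.
PATTERNS = {
    "created": re.compile(r"^new user: name=(?P<user>[^,]+)"),
    "rights_granted": re.compile(r"^add '(?P<user>[^']+)' to group '(?P<group>[^']+)'"),
    "rights_removed": re.compile(r"^user (?P<user>\S+) removed by \S+ from group (?P<group>\S+)"),
    "deleted": re.compile(r"^delete user '(?P<user>[^']+)'"),
}


def parse_access_events(log_text):
    """Return (timestamp, host, user, event, group) tuples in log order; group is None for non-group events."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        for event, pat in PATTERNS.items():
            d = pat.match(m["msg"])
            if d:
                events.append((m["ts"], m["host"], d["user"], event, d.groupdict().get("group")))
                break
    return events


def open_privileged_grants(log_text):
    """Privileged-group grants with no later removal or account deletion: items for access review."""
    held = set()
    for _ts, _host, user, event, group in parse_access_events(log_text):
        if event == "rights_granted" and group in PRIVILEGED_GROUPS:
            held.add((user, group))
        elif event == "rights_removed":
            held.discard((user, group))
        elif event == "deleted":
            held = {h for h in held if h[0] != user}
    return held
```

Each tuple from parse_access_events is one line of the per-account trail a reviewer checks against approved change requests; open_privileged_grants is the follow-up check for rights that were granted but never removed.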
Incident Management (ISO/IEC 27001:2005)
Comments: Information obtained from analysis of the various logs provides information about security events and weaknesses.
Incident Management (ISO/IEC 27001:2005)
Comments: Recording of incidents by analyzing the logs.
Clause: Framework Part (ISO/IEC 27001:2005)
Comments:
the webserver can be seen; it will provide information about the effectiveness of the IPS.
Information Lifecycle and Log Management
Information Life Cycle
Information can be:
– Created
– Stored
– Processed
– Transmitted
– Copied
– Used (for proper and improper purposes)
– Lost!
– Corrupted!
– Destroyed?
Log Management Policies, Procedures and Technology
Policies provide management direction for log management activities and should clearly define mandatory requirements for log generation, analysis, retention and storage, and security. They should be created in conjunction with a plan for the procedures and technology needed to implement and maintain the policies.
A comprehensive set of best practices in log management includes the following categories:
– Log management policy, procedures and technology
– Log generation
– Log retention and storage
– Log analysis
– Log protection and security
The Need for Best Practices in Log Management
Businesses face a number of challenges that make best practices in log management an essential part of an overall enterprise IT security strategy:
– The huge number and variety of systems generating logs
– The volume of logged data
– The changing threat landscape
– The more stringent regulatory requirements
– The increasing number of stakeholders
– The uncertainties of future regulatory and legal issues
Why do Logs Matter for Security and Compliance?
Without sufficient collection, regular review and long-term retention of logs, your organization will neither be in compliance with regulations nor able to properly protect its information assets. Logs provide a way to monitor your systems and keep a record of security events, information access and user activities.
In some cases, event logging may have to be barred for privacy reasons.
Summary
– ISO 27001 implementation requires well-conceived log management policies, procedures and technology.
– Most of the controls and framework requirements require proper log management.
– Control through logs is predominantly a detective and deterrent control.
– Well-planned and well-executed log management can help in the effective implementation of an ISMS.