Issue/Question
What is the USD security policy on Audit Log Management?
Environment
Cause
Protect against cybersecurity threats, establish cybersecurity norms, enhance cybersecurity maturity
Resolution
Audit Log Management
Policy Statement: The University recognizes the critical importance of comprehensive audit log management in maintaining the security and integrity of its information systems. This policy establishes guidelines for the generation, collection, retention, and protection of audit logs to facilitate effective monitoring, analysis, and incident response.
Policy Implementation:
-
Audit Log Generation:
- The University will ensure that audit logs are generated for all relevant events and activities within its information systems, including user logins, access attempts, configuration changes, and security incidents.
- Audit logging mechanisms will be configured to capture sufficient detail to facilitate effective monitoring, analysis, and incident response.
-
Log Retention and Storage:
- Audit logs will be retained for a defined period based on regulatory requirements, legal obligations, and business needs.
- Log storage solutions will be implemented to securely store audit logs in a tamper-evident manner, protecting against unauthorized modification or deletion.
-
Access Controls and Monitoring:
- Access to audit logs will be restricted to authorized personnel with a legitimate need-to-know, such as security administrators and incident response teams.
- Access to audit log files will be monitored and logged to detect unauthorized access attempts and ensure compliance with access control policies.
-
Log Integrity and Protection:
- Measures will be implemented to ensure the integrity and protection of audit logs from tampering, manipulation, or unauthorized access.
- Techniques such as cryptographic hashing, digital signatures, and file integrity monitoring will be employed to verify the integrity of log data and detect unauthorized modifications.
-
Log Review and Analysis:
- Regular reviews and analysis of audit logs will be conducted to identify security incidents, policy violations, and suspicious activities.
- Automated log analysis tools and manual review processes will be used to correlate log data, detect anomalies, and investigate potential security incidents.
Compliance and Enforcement: Non-compliance with this policy may result in disciplinary action, including but not limited to loss of access privileges, fines, or termination of employment. All members of the University community are responsible for adhering to this policy and actively participating in audit log management activities.
Policy Review: This policy will be reviewed annually to ensure alignment with emerging threats, changes in technology, and regulatory requirements. Updates will be made as necessary to maintain the effectiveness and relevance of audit log management practices.
This policy provides a framework for implementing CIS Control 8 within a university environment, focusing on audit log management practices to enhance the security and integrity of University information systems and data.
Please contact the Service Desk if you need further assistance