Audit Log Management

Issue/Question

What is the USD security policy on Audit Log Management?

Environment

  • CIS Control 8

Cause

Protect against cybersecurity threats, establish cybersecurity norms, enhance cybersecurity maturity

Resolution

Audit Log Management

Policy Statement: The University recognizes the critical importance of comprehensive audit log management in maintaining the security and integrity of its information systems. This policy establishes guidelines for the generation, collection, retention, and protection of audit logs to facilitate effective monitoring, analysis, and incident response.

Policy Implementation:

  1. Audit Log Generation:

    • The University will ensure that audit logs are generated for all relevant events and activities within its information systems, including user logins, access attempts, configuration changes, and security incidents.
    • Audit logging mechanisms will be configured to capture sufficient detail to facilitate effective monitoring, analysis, and incident response.
  2. Log Retention and Storage:

    • Audit logs will be retained for a defined period based on regulatory requirements, legal obligations, and business needs.
    • Log storage solutions will be implemented to securely store audit logs in a tamper-evident manner, protecting against unauthorized modification or deletion.
  3. Access Controls and Monitoring:

    • Access to audit logs will be restricted to authorized personnel with a legitimate need-to-know, such as security administrators and incident response teams.
    • Access to audit log files will be monitored and logged to detect unauthorized access attempts and ensure compliance with access control policies.
  4. Log Integrity and Protection:

    • Measures will be implemented to ensure the integrity and protection of audit logs from tampering, manipulation, or unauthorized access.
    • Techniques such as cryptographic hashing, digital signatures, and file integrity monitoring will be employed to verify the integrity of log data and detect unauthorized modifications.
  5. Log Review and Analysis:

    • Regular reviews and analysis of audit logs will be conducted to identify security incidents, policy violations, and suspicious activities.
    • Automated log analysis tools and manual review processes will be used to correlate log data, detect anomalies, and investigate potential security incidents.

Compliance and Enforcement: Non-compliance with this policy may result in disciplinary action, including but not limited to loss of access privileges, fines, or termination of employment. All members of the University community are responsible for adhering to this policy and actively participating in audit log management activities.

Policy Review: This policy will be reviewed annually to ensure alignment with emerging threats, changes in technology, and regulatory requirements. Updates will be made as necessary to maintain the effectiveness and relevance of audit log management practices.


This policy provides a framework for implementing CIS Control 8 within a university environment, focusing on audit log management practices to enhance the security and integrity of University information systems and data.

Please contact the Service Desk if you need further assistance.

ITS STAFF ONLY

  1. Follow Reviewing USD Security Policy Requests

Details

Article ID: 8940
Created
Tue 3/5/24 9:30 AM
Modified
Mon 3/18/24 8:13 PM
KCS Article Status
Validated