Expert Advice Community

Guest

2.4 . 1 /2/3/4 Requirements for logging and monitoring

  Quote
Guest
Guest user Created:   Jul 21, 2020 Last commented:   Jul 21, 2020

2.4 . 1 /2/3/4 Requirements for logging and monitoring

How are you keeping? I am busy with the process and as you know when done thoroughly takes a lot of time. At the moment I am busy with the Audit logging process and I am Looking for 12.4 . 1 /2/3/4 Requirements for logging and monitoring

Can you please help me out here as I cannot find these the toolkit stops at 12.1

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 21, 2020

Controls A.12.4.1 (Event logging) and A.12.4.3 (Administrator and operator logs) are covered by the document Security Procedures for IT Department, located on folder 08 Annex A Security Controls >> A.12 Operations Security

To cover control A.12.4.2 (Protection of log information) you can use the document A.8.3 Information Classification Policy, located on folder 08 Annex A Security Controls >> A.8 Asset Management, to define rules according to the information classification of the log.

To cover control A.12.4.4 (Clock synchronization), you can use the Statement of Applicability, briefly explaining in the column "Implementation method" how the clock is synchronized.

This article will provide you a further explanation about log and monitoring:

This material will also help you regarding log and monitoring:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 21, 2020

Jul 21, 2020