12.4.1/2/3/4 Requirements for logging and monitoring
How are you keeping? I am busy with the process and, as you know, when done thoroughly it takes a lot of time. At the moment I am busy with the audit logging process and I am looking for 12.4.1/2/3/4 Requirements for logging and monitoring.
Can you please help me out here, as I cannot find these; the toolkit stops at 12.1.
Controls A.12.4.1 (Event logging) and A.12.4.3 (Administrator and operator logs) are covered by the document Security Procedures for IT Department, located in folder 08 Annex A Security Controls >> A.12 Operations Security.
To cover control A.12.4.2 (Protection of log information), you can use the document A.8.3 Information Classification Policy, located in folder 08 Annex A Security Controls >> A.8 Asset Management, to define rules according to the information classification of the log.
To cover control A.12.4.4 (Clock synchronization), you can use the Statement of Applicability, briefly explaining in the column "Implementation method" how the clock is synchronized.
This article will provide you with a further explanation about logging and monitoring:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
This material will also help you regarding logging and monitoring:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Jul 21, 2020