Please sir, in the toolkit of ISO 27001 under the Annex 12-6 there is a table for the level of logging by device type. Please can you throw more light on this for me?
If I understood you correctly, you want some sort of reference for the level of logging by device type (this would be related to Annex A.12.4 - Log and monitoring, not A.12.6 - Technical vulnerability management).
Considering that, there is no such template in the toolkit, since for each organization the level of logging, or which device type should be logged, may vary according to the organization's risk tolerance, results of risk assessment, and applicable legal requirements (e.g., laws, regulations, and contracts). Additionally, such documents may mislead organizations while implementing their own logging practices, because they may understand that these are the solution for their risk, without considering their own organizational context.
For example, for a firewall log, you can adopt source and destination IP, date, and user, and for a workstation log you can use IP, date, user, successful/failed login, etc.
This article will provide you with a further explanation about logging:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
Jun 24, 2020