Monitoring System Access and Use


Event Logging

CX Index will log all security-relevant events or exceptions.

CX Index will monitor event logs at periodic intervals, not to exceed weekly. Automated log analysis and alerting will suffice for this provision.

Event logs will contain:

  • User IDs used in logons
  • Dates and times for logon and logoff for each user
  • Terminal identity (system name and network address)
  • Successful and rejected access attempts
  • Successful or rejected data access attempts
  • Use of elevated privileges (e.g. through ‘su’ or ‘run as’)
  • Any access to Member data (Account numbers)

Monitoring System Use

CX Index will monitor the use of information processing facilities to detect unauthorised activities and ensure that users are only performing the functions and gaining access to information to which they are authorised.

Each facility shall perform a risk assessment to determine the level of monitoring required.

Monitored Items

Areas eligible for monitoring include:

  • Authorised access:
    • User IDs
    • Date and time of key events
    • Types of events
    • Files accessed
    • Programs and utilities used
  • Privileged operations:
    • Use of supervisor accounts
    • Use of other privileged accounts (i.e. administrator)
    • System start-up and stop
    • Device attachment and removal
  • Unauthorised attempts:
    • Failed attempts for access
    • Access policy violations and notifications for network gateways and firewalls
    • Alerts from proprietary intrusion detection systems
  • System alerts or failures:
    • Console alerts or messages
    • System log exceptions
    • Network management alarms
  • All access to Member data, including root/administration access

Monitoring results shall be retained in accordance with retention schedules for potential evidence.

Review of Monitored Information

Senior Management will regularly review the results of the monitoring of information processing facilities to detect deviations from CX Index’s access policy and to improve and discipline those who deviate.

The factors that determine the frequency of review include:

  • Value, criticality or sensitivity of the information or application involved;
  • Past experience of infiltration or misuse; and
  • Extent of interconnections.

Those who violate policies shall be disciplined.

Incidents shall be reviewed and controls put in place to stop future occurrences.

Protection of Monitored Information

Event and security logs must be protected in order to assure their accuracy and to protect them against tampering or misuse.

All original logs must be kept unaltered. Extracted log events shall be kept separately from the original logs.

The review of logs will be performed by persons other than those whose actions are logged.

Controls shall be put in place that prevent and monitor:

  • attempts to de-activate logs
  • attempts to alter message types that are recorded
  • attempts to edit or delete log files
  • the log file becoming exhausted and either overwriting itself or failing to record events

Clock Synchronisation

CX Index will use a common method to ensure that all system clocks are synchronised. This will ensure the accuracy of the audit logs, and protect the integrity and credibility of any logs that might need to be used as future evidence.

All computers with real-time clocks shall be set to one time standard (i.e. UCT or local standard time) that is used throughout CX Index.

E-Mail, Voice-Mail and Internet Access Monitoring

CX Index’s e-mail, voice-mail and Internet access systems are to be used primarily for CX Index business. CX Index reserves the right to access e-mail or voice-mail systems at any time with or without advance notice or consent of the employee. Such access may occur before, during or after working hours by any manager or security personnel designated by CX Index.

Employees should not have an expectation of privacy in their voice-mail or e-mail messages, or in computers or computer storage devices. CX Index also reserves the right to monitor all Internet access. While CX Index recognises that accidental access to undesirable sites is unavoidable, prolonged or repeated access to undesirable sites will be construed as intentional violation of CX Index’s policy and may result in disciplinary action up to and including termination.

All Internet data that is composed, transmitted or received via CX Index’s computer communications systems is considered to be part of CX Index’s official records and, as such, may be subject to disclosure to third parties.  Employees should always ensure that the business information contained in Internet transmissions is accurate, appropriate, ethical, and lawful.







 

