Security Monitoring: 1 Objective
Security Monitoring
1 OBJECTIVE
This policy defines the monitoring and logging framework necessary to deter and/or detect improper
behavior, to foster user accountability, and to allow expedient systems management. All user activities
affecting production information have to be monitored and logged in a reconstructible manner. These logs
are important for error correction, forensic auditing, security breach investigations, and related efforts.
2 SCOPE
This policy covers all information and associated IT infrastructure and facility management services within
Goldstone Technologies facilities.
3 APPLICABILITY
This policy is applicable to all types of user accesses to information, associated IT infrastructure and facility
management services.
5 DETAILED POLICY
All critical network devices such as routers, switches, servers and services shall be configured to
monitor and log system events and performance. The use of information systems shall be
monitored regularly for all unexpected events.
For the logged information to be consistent and meaningful, all the critical monitored devices
such as servers, routers, switches, firewalls, IDS etc. shall have their system clocks synchronized.
GTL shall periodically audit and regularly review all recorded logs of monitored events.
Computerized logs containing security-relevant events shall be retained for at least three (3)
months or till such time as the audits are conducted. During this period, such logs shall be
securely stored, with access available only to authorized persons.
Computerized records reflecting the access privileges of each Information system and IT asset
user of Goldstone shall be securely maintained for a reasonable period of time.
To provide evidence for investigation, prosecution and disciplinary action, certain information
shall be immediately captured whenever a computer crime or misuse is suspected. The relevant
information will be securely stored off-line. This will be handled as per the Incident management
procedure.
Monitoring and logging devices and software shall be protected from unauthorized use and other
internal or external attacks that may deactivate the logging process and/or modify or delete the
logs themselves.
A formal log rotation and archival process shall be employed for all network periphery security
systems (such as firewalls) and all multi-user application/production servers.
Users shall be clearly informed which actions constitute security violations. Users shall also be informed that
such violations shall be logged.
The company retains the right to report any illegal activities to the appropriate authorities.