The Information Security Team Commits Confidentiality, Integrity, And Availability Of Assets

1205 WordsMay 1, 20155 Pages
The Information Security team commits to the confidentiality, integrity, and availability of assets. Even more, security policies clarify how the company intends to protect company assets against similar breaches in the future. For example, the Monitoring and Logging Policy define the following procedures to review: systems logs; access reports; administrator and operator logs; fault logs. Monitoring and logging are important to any information security program. In general, monitoring ensures users are doing legal activities on company systems. To begin with, a risk assessment determines what computers and systems to log, and naturally, the information security team monitors the high-risk systems. Next, trained personnel configure systems to facilitate monitoring and logging to track security incidents with approved system utilities or auditing tools, in other words, scripts, log management software, and security incident event management (ISO, 2005). Also, management will pre-approve tools, and controls will safeguard operational systems during the analysis process. Consequently, monitored systems and security events generates an audit log entry, thereby producing a time-stamped reference trail. In the end, the monitoring and logging policy will aid in protecting electronic protected health information (EPHI) on information systems. Monitoring and Logging Policy Justification First of all, a monitoring and logging policy is a crucial component of any security program

More about The Information Security Team Commits Confidentiality, Integrity, And Availability Of Assets

Open Document