This compliance standard has gained worldwide acceptance by organizations both large and small, especially in the United Kingdom, Japan, India, the United States and other countries. See World Distribution of ISO 27001 Certifications.
The ISO 27001 standard will help your organization manage the security of sensitive assets such as financial data, intellectual property, employee records, customer data, and other sensitive information. It mandates that enterprises enforce information security, thereby reducing the possible risk of data theft and breaches.
EventLog Analyzer enables your organization to comply with the ISO 27001:2013 controls A.12.4.1, A.12.4.2 and A.12.4.3. These controls help organizations to record events and generate evidence. EventLog Analyzer also fulfills the controls A.9.2.1, A.9.2.5 and A.9.4.2, which ensure authorized user access and prevent unauthorized access to systems and services.
| Requirement Number | Requirement Description | How EventLog Analyzer fulfills the requirement |
|---|---|---|
| | Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. | EventLog Analyzer software enables organizations to completely automate the entire process of managing terabytes of logs by collecting, analyzing, searching, reporting, and archiving from one central location. It archives all log data on the EventLog Analyzer server itself. All user activities, server activities, errors, security events, information events, application events, and other events are monitored and analyzed by EventLog Analyzer in real time. All events are reviewed regularly via out-of-the-box security reports that monitor and analyze users, devices, systems, and applications. |
| Protection of log information | Logging facilities and log information shall be protected against tampering and unauthorized access. | EventLog Analyzer encrypts the event log archive files to ensure the log data is secured for future forensic analysis, compliance and internal audits by hashing and time stamping the log data. The hashing of the archive log data files further secures the event log data. The time stamping technique ensures that the archive data files are tamper proof. If a file is modified, this technique will reveal that the file has been tampered with. EventLog Analyzer's object access monitoring and File Integrity Monitoring capabilities ensure that the log information is kept secure from all threats. |
| Administrator and operator logs | System administrator and system operator activities shall be logged and the logs protected and regularly reviewed. | EventLog Analyzer provides you with PUMA (Privileged user monitoring and audit) reports. It closely analyzes the user activity of system administrators and system operators and generates security reports that show all the activity they performed for any given time. The graphical reports give the complete picture of user activities and also allow you to drill down to the raw logs for more security insights. You can also export the reports to PDF and CSV formats. EventLog Analyzer captures all user audit trails to ensure that the log files that capture the activities of system administrators and system operators are protected from unauthorized access and threats. EventLog Analyzer monitors and analyzes important log events such as User Logons, User Logoffs, Failed Logons, Successful User Account Validation, Failed User Account Validation, Audit Logs Cleared, Audit Policy Changes, Objects Accessed, User Account Changes, User Group Change and more. |
| Review of user access rights | Asset owners shall review users' access rights at regular intervals. | EventLog Analyzer generates security reports that list the hosts generating the maximum number of successful and failed login events. Monitoring the login events in real time will allow asset owners to know when their network is vulnerable to security threats. |
| Secure log-on procedures | Where required by the access control policy, access to systems and applications should be controlled by a secure log-on procedure. | EventLog Analyzer collects and generates reports on all account management and account usage activity events. Changes to accounts, user policies, domain policies, and audit policies are monitored and analyzed, and reports are generated in real time. Other user access events related to access/authorization to critical systems, devices, applications, and permission-related event activities are also automatically monitored and analyzed by EventLog Analyzer in real time. |
| User registration and de-registration | A formal user registration and de-registration process should be implemented to enable assignment of access rights. | EventLog Analyzer notifies and reports in real time when new user accounts are created, when user accounts are deleted, when user accounts are locked out and when user accounts are modified in the organization. |