Most of the GDPR's requirements talk about not only getting proper consent from individuals, but also notifying these individuals on how their data is being handled as well as what rights they have over this collected data. However, there are also specific requirements concerning the security operations center (SOC). Apart from ensuring lawful and transparent data collection, businesses also need to establish technical measures to safeguard data from attacks and threats. This is the primary objective of the SOC. To meet this requirement, you need to deploy security information and event management (SIEM) solution.
ManageEngine Log360 is a comprehensive SIEM solution, that will help you meet the IT security requirements of the GDPR with its predefined audit report template. The solution also comes with the threat intelligence, forensic analysis, incident detection and management capabilities, that will help you protect personal data and stay GDPR compliant.
Explore Log360 and see for yourself how it helps meet the GDPR compliance requirements. We also assist you with a free e-book that decrypts GDPR’s IT security articles and gives you information on how Log360 helps you to meet those.
Why wait? Go ahead, download Log360, and explore it with a 45-day extended complimentary license. Need expert’s assistance in tuning the solution to fit your environment? Do not hesitate we’re a form away!
If you don't find it in your inbox within the next few minutes, check your spam folder.
This document elaborates on the GDPR's IT security requirements, the measures security administrators need to take to meet these requirements, and how Log360, a comprehensive security information and event management (SIEM) solution, can help you meet these requirements.
"..in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)."
Article | What it means | What Log360 offers |
---|---|---|
"..in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)." | To prevent unauthorized processing, set up security configurations and monitor the changes to these configurations to detect unauthorized or unlawful access and processes. Audit all the operations performed on personal data to ensure the processes carried out in a legitimate manner. |
Log360 provides out-of-the-box audit reports as below to ensure authorized access to personal data.
|
Protip: One of the best methods to prevent unauthorized or unlawful processing of personal data is to keep a check on network intrusions. With most of the security attacks aiming to steal personal data, it is mandatory that you try stop those attacks at its intrusion stage and continue protecting personal data. Log360 helps stop security attacks by identifying malicious traffic into the network. The solution's threat intelligence feature includes Global IP Threat Database and STIX/TAXII threat feed processor that are dynamically updated with known malicious sources (IP addresses, domains, and URLs). An attempt of intrusion from any of these suspicious sources will result in instant email/SMS notification with which you can block the traffic and safeguard personal data from being mishandled. |
||
Article 25 (2) "...In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons." | Ensure that personal data access is granted only for selected users and is not made accessible to everyone. Monitor the privileged user group that has permissions to access and process personal data.Changes to this group should be tracked and analyzed to avoid unauthorized access to personal data. |
Log360 offers logon reports that help check who accesses the systems and applications that store/process personal data. Additionally, the permission and security configuration change reports (specified above) will also help validate the personal data access. |
Article 32 1(b) "... ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;" | Regularly audit the systems (or servers) that store and applications (databases) that process personal data. Get notified in real-time upon any unauthorized access attempts, permission changes, privilege escalations, or unexpected shutdowns of servers and applications that could result in potential threats affecting their confidentiality or integrity. |
To ensure confidentiality and integrity, Log360 offers real-time email notifications and exhaustive auditing reports on:
|
Article 33 (1) "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it,.." | Data breaches, if any should be detected and reported to supervisory authorities within 72 hours. | Log360, with its real-time correlation engine and threat intelligence platform, helps enterprises detect data breaches in real-time. The solution is capable of detecting data leakages for well-known attacks such as:
|
Article 33-3(d) "....describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. | Elaborate the efforts taken to mitigate the attacks and its adverse effects. | Log360's forensic analysis capability helps to ascertain the data breach'seffects including:
|
Apart from the abovelisted individual reports that help you probe into information that you need for meeting GDPR's security requirements, Log360 provides a comprehensive GDPR audit report, that aggregates and presents events across your network for easy auditing.
Log360 is an integrated solution for all log management and network security challenges. It offers real-time log collection, analysis, monitoring, correlation, and archiving capabilities that help protect confidential data, thwart internal security threats, and combat external attacks. To help meet the most needed security, auditing, and compliance demands, the solution comes packaged with over 1,200 predefined reports and alert criteria.
Download 30-day trialIf you don't find it in your inbox within the next few minutes, check your spam folder.
© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.