Policy 7230A - Department of Administration
6.2. Integrity Operations
The following are the Non-Mandatory Procedures that support the Integrity Operations section of the Default Security Requirements:
6.2.1. Monitor System Security Controls
Agencies should provide for continuous monitoring of security controls to ensure that the value of the implemented controls is not undermined and their security protection is not minimized:
6.2.1.1 Identify Sources of Information
Before monitoring can be performed, the organization must determine the granularity with which monitoring of the infrastructure will be performed and configure the infrastructure to perform that monitoring:
• Decide on the infrastructure level to be monitored.
• Establish what information capturing capabilities exist natively to infrastructure components that could be monitored.
• Determine which infrastructure components will be monitored to achieve the required granularity.
• Configure monitoring capabilities to capture required information.
6.2.1.2 Collect and Collate Data from All Sources
Combining monitoring information from multiple sources allows for events to be reviewed with greater context. This contextualization yields greater insight into the nature and potential results of any event:
• Gather monitoring information from disparate systems on a periodic basis.
• Consolidate disparate monitoring information into a central repository.
6.2.1.3 Analyze Aggregated Data
Once monitoring data has been collected it must be reviewed for potential threats and threat trends to determine if Incident Response processes should be activated:
• Review monitoring data for Precursors of potential threat as well as Indicators of actual threat. Examine both individual events as well as event trend data.