|
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator
The logging possible on the network server should be activated to a sensible degree. The Network Administrator must review the network server log files at regular intervals. All security-relevant events should be logged. In this context, the following occurrences are of particular interest:
How many other events are logged will depend to a certain extent on the protection requirements of the IT systems concerned. The greater the protection requirement, the more information should be logged.
As log files can become very long over time, the intervals at which they are evaluated should kept short. To enable appropriate analysis of the data, every protocol entry should include the user ID or process number, terminal device ID, date and time.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: October 2000 |