From the course: ISO 27001:2022-Compliant Cybersecurity: The Annex A Controls

Logging and monitoring (Controls 8.15–8.17)

- [Instructor] One of the best ways to start investigating a security incident is by looking at system event logs. But how do you know that your organization is correctly logging the right events? The answer lies in Controls 8.15 through 8.17 of ISO 27001, which cover logging and monitoring requirements. Control 8.15 is simply called Logging, and it requires your organization to produce, store, protect, and analyze logs that record activities, exceptions, faults, and other relevant events. Because logs are so important when investigating security incidents, you want to make sure they are protected and include the right information. ISO 27002 has many suggestions for what should be included in your event logs, such as user IDs, timestamps of relevant events, user activities like log on, log off, et cetera, system configuration changes, and use of elevated privileges and admin activities. Refer to ISO 27002 for more…
