Page 27 - Information_Security_Program
SYSTEM LOGGING AND MONITORING [DP280]
Scope: IT Staff (I.S.).
Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; IT Staff, Directors, Managers and Supervisors.
Purpose: To detect unauthorized access to and use of information systems.
External Regulation or Standard: 45 CFR 164.312(b); 45 CFR 164.308(a)(1)(ii)(D) ‐ Security Management Process, PCI DSS 5.2, 10.1 – 10.7
Who is Responsible | Statement Number | Policy, Standard, or Procedure Statement
IT Staff | DP280.1 | The organization will track and review system activity by unique ID according to the parameters in this policy, and will track and report quarterly to the Chief Financial Officer.
IT Staff | DP280.2 | Review unauthorized and failed log‐on attempts daily for systems processing, storing, or transmitting payment card data or PHI. Report 5 or more unauthorized or failed log‐on attempts to the Chief Financial Officer and the Director of Information Technology, Privacy and Data Security as soon as identified.
IT Staff | DP280.3 | Review audit logs for any changes made to the system security settings for systems processing, storing, or transmitting payment card data or PHI, and report changes to the Chief Financial Officer and the Director of Information Technology, Privacy and Data Security.
IT Staff | DP280.4 | Enable anti‐virus software log generation for systems processing, storing, or transmitting payment card data.
IT Staff | DP280.5 | Configure automated synchronization to a centralized time standard on all servers, internetworking equipment, and access control devices that support it.
IT Staff | DP280.6 | Retain audit logs according to the Board Retention Policy.
IT Staff | DP280.7 | Secure audit trails so they cannot be altered by:
- Limiting the viewing of audit trails to those with a job‐related need,
- Protecting audit trail files from unauthorized modifications,
- Promptly backing up audit trail files to a centralized log server or media that is difficult to alter,
- Writing logs for external‐facing technologies onto a log server on the internal LAN,
- Using file‐integrity monitoring or change‐detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
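One way to implement the append-tolerant change detection described in the last item of DP280.7, as an added example that is not part of the policy. The function names, the baseline format and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed sample log lines (not taken from any real system).
SAMPLE = (b"2024-01-01T00:00:01Z login failed user=alice\n"
          b"2024-01-01T00:00:05Z login ok user=bob\n")

def _hash_prefix(path, length):
    """SHA-256 of the first `length` bytes, or None if the file is shorter."""
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(65536, remaining))
            if not chunk:
                return None
            h.update(chunk)
            remaining -= len(chunk)
    return h.hexdigest()

def snapshot(path):
    """Baseline of the log as it exists now: its size and content hash."""
    size = os.path.getsize(path)
    return {"size": size, "sha256": _hash_prefix(path, size)}

def check(path, baseline):
    """Compare only the bytes covered by the baseline, so appends do not alert."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated"                      # alert: existing data removed
    if _hash_prefix(path, baseline["size"]) != baseline["sha256"]:
        return "modified"                       # alert: existing data changed
    return "appended" if size > baseline["size"] else "unchanged"

def demo():
    """Run the check against a temporary copy of SAMPLE; returns the verdicts."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "auth.log")
        with open(path, "wb") as f:
            f.write(SAMPLE)
        base = snapshot(path)
        verdicts = [check(path, base)]
        with open(path, "ab") as f:             # normal logging: new line added
            f.write(b"2024-01-01T00:01:00Z login ok user=carol\n")
        verdicts.append(check(path, base))
        with open(path, "r+b") as f:            # in-place edit of an old entry
            f.seek(20)
            f.write(b"X")
        verdicts.append(check(path, base))
        with open(path, "wb") as f:             # old entries cut off
            f.write(SAMPLE[:20])
        verdicts.append(check(path, base))
    return verdicts
```

Log rotation shows up as "truncated", so the baseline has to be re-taken after each planned rotation. The baseline itself should be stored away from the monitored host, for instance on the centralized log server, so that it cannot be rewritten together with the log.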
GES CONFIDENTIAL