Page 1110 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Implementing Security Management Processes
In addition to performing assessments and testing, sound information
security programs also include a variety of management processes
designed to oversee the effective operation of the information security
program. These processes are a critical feedback loop in the security
assessment process because they provide management oversight and
have a deterrent effect against the threat of insider attacks.
The security management reviews that fill this need include log
reviews, account management, backup verification, and key
performance and risk indicators. Each of these reviews should follow a
standardized process that includes management approval at the
completion of the review.
Log Reviews
In Chapter 16, “Managing Security Operations,” you will learn the
importance of storing log data and conducting both automated and
manual log reviews. Security information and event management
(SIEM) packages play an important role in these processes,
automating much of the routine work of log review. These devices
collect information using the syslog functionality present in many
devices, operating systems, and applications. Some devices, including
Windows systems, may require third-party clients to add syslog
support. Administrators may choose to deploy logging policies
through Windows Group Policy Objects (GPOs) and other
mechanisms that can deploy and enforce standard policies throughout
the organization.
Logging systems should also make use of the Network Time Protocol
(NTP) to ensure that clocks are synchronized on systems sending log
entries to the SIEM as well as the SIEM itself. This ensures that
information from multiple sources has a consistent timeline.
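
The timeline problem described above, shown as an added example that is not part of the study guide: a collector compares each sender's RFC 5424 timestamp with its own receive time, flags hosts whose clocks have drifted, and orders events by receive time for those hosts. The host names, log lines, the 2-second tolerance and the fall-back-to-receive-time rule are all assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from statistics import median

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
# Simplification: structured data (SD) is assumed to be the nil value "-".
HEADER = re.compile(r"^<\d{1,3}>1 (\S+) (\S+) (\S+) \S+ \S+ - (.*)$")

# Constructed sample: (collector receive time in UTC, raw line from the sender).
SAMPLE = [
    ("2024-05-01T10:00:00.200Z", "<86>1 2024-05-01T10:00:00.100Z fw01 sshd 411 - - accepted publickey for admin"),
    ("2024-05-01T10:00:01.300Z", "<86>1 2024-05-01T12:00:01.150+02:00 db01 sudo 977 - - admin : COMMAND=/usr/bin/pg_dump"),
    ("2024-05-01T10:00:02.100Z", "<86>1 2024-05-01T09:55:02.000Z app01 sshd 230 - - accepted password for admin"),
    ("2024-05-01T10:00:03.400Z", "<86>1 2024-05-01T09:55:03.300Z app01 sudo 231 - - admin : COMMAND=/usr/bin/systemctl restart app"),
]

def to_utc(stamp):
    """Parse an RFC 3339 timestamp and normalise it to UTC."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)

def parse(received, line):
    """Split one syslog line and record the gap between send and receive time."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 line: %r" % line)
    stamp, host, app, msg = m.groups()
    sent, seen = to_utc(stamp), to_utc(received)
    return {"host": host, "app": app, "msg": msg, "sent": sent,
            "received": seen, "skew": (seen - sent).total_seconds()}

def drifting_hosts(events, tolerance=2.0):
    """Hosts whose median (received - sent) gap exceeds the tolerance in seconds."""
    gaps = {}
    for e in events:
        gaps.setdefault(e["host"], []).append(e["skew"])
    return {h: median(g) for h, g in gaps.items() if abs(median(g)) > tolerance}

def timeline(events, drift):
    """Order by sender time, falling back to receive time for drifting hosts."""
    return sorted(events, key=lambda e: e["received"] if e["host"] in drift else e["sent"])

EVENTS = [parse(received, line) for received, line in SAMPLE]
DRIFT = drifting_hosts(EVENTS)

if __name__ == "__main__":
    print("hosts with clock drift:", DRIFT)
    for e in timeline(EVENTS, DRIFT):
        print(e["received"].isoformat(), e["host"], e["app"], e["msg"])
```

Sorting the same events by sender time alone places both app01 entries five minutes ahead of the fw01 and db01 entries they actually followed, which is the inconsistency synchronized clocks prevent.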
Information security managers should also periodically conduct log
reviews, particularly for sensitive functions, to ensure that privileged

