Page 1243 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
the organization experiences legal issues. For example, if
regulations require an organization to keep logs for one year but
the organization has 10 years of logs, a court order can force
personnel to retrieve relevant data from these 10 years of logs. In
contrast, if the organization keeps only one year of logs, personnel
need only search a year’s worth of logs, which will take significantly
less time and effort.
The National Institute of Standards and Technology (NIST) publishes
a significant amount of information on IT security, including Federal
Information Processing Standards (FIPS) publications. The
Minimum Security Requirements for Federal Information and
Information Systems (FIPS 200) specifies the following as the
minimum security requirements for audit data:
Create, protect, and retain information system audit records to the
extent needed to enable the monitoring, analysis, investigation, and
reporting of unlawful, unauthorized, or inappropriate information
system activity.
Ensure that the actions of individual information system users can
be uniquely traced to those users so they can be held accountable
for their actions.
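The two FIPS 200 requirements above, retention and individual accountability, are easier to see in code. The following is an added example, not material from the study guide or from NIST: it applies a one-year retention window to a constructed set of log archives (retaining anything on an assumed preservation list, such as material a court order requires), and flags audit records that cannot be traced to a single user. File names, dates, record fields and the shared-account list are all constructed assumptions.

```python
"""Added example (not from the study guide): enforce a log retention window
and check that audit records are attributable to one individual, the two
points FIPS 200 makes about audit data. All sample data is constructed."""
from datetime import date, timedelta

# Constructed sample: one compressed log archive per period, named by date.
SAMPLE_LOG_FILES = [
    "auth-2021-03-01.log.gz",
    "auth-2022-01-01.log.gz",
    "auth-2023-06-01.log.gz",
    "auth-2023-11-01.log.gz",
]


def log_date(filename):
    """Parse the YYYY-MM-DD stamp embedded in a constructed file name."""
    stem = filename.split(".")[0]          # e.g. "auth-2023-06-01"
    y, m, d = stem.split("-")[-3:]
    return date(int(y), int(m), int(d))


def partition_by_retention(filenames, today, retention_days, on_hold=()):
    """Split log files into (keep, purge) under a retention window.

    Files dated before today - retention_days are purge candidates, except
    those named in on_hold (an assumed preservation list, e.g. logs a court
    order requires the organization to keep), which are always retained.
    """
    cutoff = today - timedelta(days=retention_days)
    keep, purge = [], []
    for name in filenames:
        if name in on_hold or log_date(name) >= cutoff:
            keep.append(name)
        else:
            purge.append(name)
    return keep, purge


# Constructed sample audit records. FIPS 200 requires each action to be
# uniquely traceable to a user, so blank or shared identities are findings.
SAMPLE_AUDIT_RECORDS = [
    {"ts": "2023-11-02T08:00:00Z", "user": "alice", "action": "login"},
    {"ts": "2023-11-02T08:05:00Z", "user": "shared-admin", "action": "config-change"},
    {"ts": "2023-11-02T08:07:00Z", "user": "", "action": "file-read"},
    {"ts": "2023-11-02T08:09:00Z", "user": "bob", "action": "logout"},
]

# Assumed list of accounts used by more than one person.
SHARED_ACCOUNTS = {"shared-admin", "root", "administrator"}


def unattributable_records(records, shared_accounts=SHARED_ACCOUNTS):
    """Return records whose action cannot be traced to one individual."""
    return [r for r in records
            if not r.get("user") or r["user"] in shared_accounts]


if __name__ == "__main__":
    keep, purge = partition_by_retention(
        SAMPLE_LOG_FILES, date(2023, 12, 1), 365,
        on_hold=("auth-2022-01-01.log.gz",))
    print("retain:", keep)
    print("purge: ", purge)
    for r in unattributable_records(SAMPLE_AUDIT_RECORDS):
        print("not attributable to an individual:", r)
```

The purge list is returned rather than acted on so a reviewer can confirm what the policy would remove; the one-year window and the hold list are the levers the text describes, and the second check is the kind of control that makes the accountability requirement testable rather than aspirational.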
You’ll find it useful to review NIST documents when
preparing for the CISSP exam to give you a broader idea of
different security concepts. They are freely available, and you can
access them here: http://csrc.nist.gov. You can download the FIPS
200 document here:
http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf.
The Role of Monitoring
Monitoring provides several benefits for an organization, including
increasing accountability, helping with investigations, and assisting
with basic troubleshooting. The following sections describe these benefits in