LOG-03: Security Monitoring and Alerting

Control Family:

Logging and Monitoring

Control is new to this version of the control set and incorporates the following items from the previous version: SEF-03: Incident Reporting, SEF-05: Incident Response Metrics.

Control Statement

Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics.

Implementation Guidance

Implementation of application security monitoring should include the following components:

  1. Generation of alerts from metrics indicating risks beyond established thresholds.
  2. Categorization of risks based on business impact analysis and prioritized monitoring of high-impact risks.
  3. Consideration of automation capabilities (when applicable) to streamline application security monitoring.
  4. Reporting and/or dashboard to provide real-time visibility to security and business stakeholders on application security statuses.
  5. Periodic review of monitoring capabilities and processes by a combined group of security, IT, and business stakeholders.

Auditing Guidance

  1. Examine policy related to security monitoring and alerting, and determine whether security-related events within applications and the underlying infrastructure are identified.
  2. Examine processes related to identifying responsible stakeholders for the purpose of alerting.
  3. Evaluate the implementation with respect to effectiveness, and conduct a review of metrics.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.