---+ OPS-13 Logging and Monitoring - Security Information and Event Management

Criteria in this control: OPS-13.01B, OPS-13.02B, OPS-13.01AC, OPS-13.02AC, OPS-13.03AC

---++ 1. Overview
| Designation | Standard |
| OPS-13.01B | The cloud service provider integrates relevant log data (cloud service derived data and cloud service provider data) into a Security Information and Event Management (SIEM) system to establish a seamless connection between logging, monitoring, and security incident management. |
| OPS-13.02B | The SIEM system is deployed within the cloud environment or externally and includes the following capabilities: (1) standardisation of log data; (2) automated analysis to identify and correlate potential security incidents; (3) capabilities to detect unusual behaviour and potential threats; (4) real-time alerting to inform the incident response team of critical events; (5) reporting to the incident response team in case new information relevant to an event becomes available; and (6) automated response mechanisms for addressing security incidents. |
| OPS-13.01AC | The cloud service provider validates the correct operation of event detection processes on appropriate assets. The appropriateness of the assets is identified in accordance with the asset classification schema (cf. AM-09). |
| OPS-13.02AC | Timely and appropriate remediation measures address any deviations identified during validation. |
| OPS-13.03AC | If an event that can lead to security incidents is identified, incident handling activities by the cloud service provider are triggered without undue delay. |
---+++ 1.1 References

---+++ 1.2 Identified Requirements

---+++ 1.3 Related Regulation

---++ 2. Identified Requirements

Requirements

| Source | Requirement |

---++ 3. Related Regulations

Regulations

| Source | Regulation |