Netspective Communications LLC must use monitoring and auditing systems to actively identify any security failures or breaches within the information system, and provide details of such incidents. [FII-SCF-007-MON-01]
-
Netspective Communications LLC will configure the information systems to log all login/logout and administrator activities. Additionally, if any inappropriate, unusual, or suspicious activity is detected, the administrative personnel will be notified, and a thorough investigation will be conducted. The findings of the investigation will be reported to the VP of IT or COO.
-
The information systems must have enough primary storage to retain 30 days’ worth of log data and sufficient secondary storage to retain one year’s worth of data. If primary storage capacity is exceeded, the system will overwrite the oldest logs. In case of any other logging system failures, the system will notify an administrator.
-
The administrative personnel shall manually review system logs every week. Any inappropriate, unusual, or suspicious activity detected in the system logs will be fully investigated by the appropriate administrative personnel and the findings will be reported to the security management personnel .
-
System logs are confidential, and access to them or other system audit information requires prior authorization and strict authentication. Furthermore, any access to logs or system audit information will be captured in the logs.