Back to all our Insights
Knowledge

Activity Log Review: Is It Necessary?

The Importance of Activity Log Review in Information Security 

In the era of digitalization, or Industry 4.0, nearly all company activities have been automated using IT applications and systems. This brings positive impacts such as efficiency and accuracy in business processes. However, on the other hand, increased digitalization also elevates the risk of cybercrime. According to data from the Indonesian National Police, 3,429 cybercrime cases were recorded from January to August 2019. 

Cybercrime not only originates from external parties but can also occur due to negligence or actions by internal company employees. To mitigate these risks, the Ministry of Communication and Informatics of the Republic of Indonesia mandates electronic system operators to implement ISO/IEC 27001, as regulated in KOMINFO Ministerial Regulation Number 4 of 2016 concerning Information Security Management Systems. 

Activity Log Monitoring in ISO/IEC 27001 

One of the primary steps in preventing cybercrime, according to ISO/IEC 27001, is to monitor system activity logs, as stipulated in Annex 12.4. Activity logs record all system activities, such as user access, system changes, and incident detection. By regularly monitoring logs, companies can analyze activity trends and identify potential threats before major incidents occur. 

Log monitoring can be performed periodically according to organizational needs, for example, once a month or once every three months, depending on the level of risk faced. For instance, a company can detect failed access attempts or discover suspicious firewall activity carried out by unknown users. 

Organizational Steps in Activity Log Monitoring 

For optimal activity log monitoring, organizations need to implement the following steps: 

1. Establish schedules and procedures for activity log monitoring. 

2. Protect logs from unauthorized changes, ensuring the security of activity records that include:  

  • User ID and system access. 
  • User login and logout times. 
  • Successful and failed access attempts. 
  • System configuration changes. 
  • Operating system utility usage. 
  • Protection system activities (firewall, antivirus, etc.). 

3. Appoint specific employees or functions responsible for activity log monitoring. 

4. Investigate suspicious activities. 

5. Configure information security alert tools to detect account changes or login failures. 

6. Retain log documentation for at least 1 year, with easy access to logs within a 3-month period, in accordance with PCI DSS Requirements. 

7. Conduct periodic monitoring of the log collection process to ensure the system functions optimally. 

Conclusion 

Performing activity log monitoring is a strategic step in maintaining corporate information security. By implementing effective log monitoring policies, organizations can ensure the confidentiality, integrity, and availability of information and IT systems. 

IT GRC Team
Robere & Associates (Indonesia)

OTHER INSIGHT POSTS
Good Governance Is Not a Choice, but a Necessity for Business Success Knowledge
What Is ISO 37001: How Modern Organizations Build Integrity and Trust Knowledge

Leave a Reply

Consult with us