Log Management in ISO 27001

ISO 27001 (or ISO/IEC 27001) is the primary international standard for information security. It provides guidelines on how to implement an effective Information Security Management System (ISMS). In particular, the standard identifies log management as one of its controls.

But first, an introduction to ISO/IEC 27001:

ISO/IEC 27001 comprises a set of processes and guidelines to help organizations (of any type and size) systematically and cost-effectively protect their data by adopting an ISMS, or Information Security Management System. Certification serves not only to attest to the company's compliance with the standard but also has marketing and commercial benefits. It can enhance the company's brand reputation and, in some cases, may be explicitly required in sales negotiations. In particular, large enterprises may seek certified supply chains, and the Public Administration may require ISO 27001 certification as a prerequisite for bidding or contracting.

The objectives of ISO 27001 are essentially three:

  1. Confidentiality: Only authorized individuals have the right to access information.
  2. Integrity: Only authorized individuals can modify information.
  3. Availability: Information must be accessible to authorized individuals whenever needed.

How does ISO 27001 work?

The standard is essentially divided into three parts. The first part consists of four clauses (from number 0 to number 3), serving as an introduction to ISO 27001. The second part (clauses 4 to 10) describes the requirements for successful certification. The third part is Annex A, which introduces 114 controls (not mandatory) that are important for risk management. These controls are crucial for meeting certification requirements and serve as guidelines for developing an ISMS (Information Security Management System).

Log Management and ISO 27001

Within the controls section of Annex A of ISO 27001:2022, rules are outlined for optimal log management to control ISMS activities. Four types of activities are identified:

  1. Event logging: Recording user access, errors, and events, especially those involving important users such as System Administrators.
  2. Log storage: Storing logs individually in a centralized location, especially when multiple sources are involved.
  3. Protection of logs: Logs must be protected from unauthorized access, modification, and deletion. Information in the logs should not be tampered with, as it would compromise traceability and the ability to analyze logs retrospectively.
  4. Analysis of logs: Generated logs should be regularly analyzed to detect unusual user behavior or frequent errors.
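As an added example (not code from the article), the following Python sketch shows activities 3 and 4 in working form: a keyed hash chain, computed at a hypothetical central collector, that makes any modification or deletion of a stored record detectable, and a simple analysis pass over the same records that flags repeated login failures and counts administrator actions. The sample events and the collector key are constructed values.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed sample audit trail (not from the article): normal logins,
# repeated failures for one user and one privileged (admin) action.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:00:01Z", "user": "alice", "action": "login", "result": "ok"},
    {"ts": "2024-05-01T08:00:09Z", "user": "bob", "action": "login", "result": "fail"},
    {"ts": "2024-05-01T08:00:12Z", "user": "bob", "action": "login", "result": "fail"},
    {"ts": "2024-05-01T08:00:15Z", "user": "bob", "action": "login", "result": "fail"},
    {"ts": "2024-05-01T08:05:00Z", "user": "admin", "action": "config_change", "result": "ok"},
]

# Hypothetical secret held only by the central log collector, never by the
# systems that produce the logs, so a compromised producer cannot re-seal records.
COLLECTOR_KEY = b"collector-hmac-key-example"

def seal_events(events, key=COLLECTOR_KEY):
    """Return records where each tag covers the record body plus the previous
    tag, so editing, removing or reordering any record breaks the chain."""
    sealed, prev_tag = [], "0" * 64
    for ev in events:
        body = json.dumps(ev, sort_keys=True)
        tag = hmac.new(key, (prev_tag + body).encode(), hashlib.sha256).hexdigest()
        sealed.append({"event": ev, "prev": prev_tag, "tag": tag})
        prev_tag = tag
    return sealed

def verify_chain(sealed, key=COLLECTOR_KEY):
    """Return the index of the first record that fails verification, or -1."""
    prev_tag = "0" * 64
    for i, rec in enumerate(sealed):
        body = json.dumps(rec["event"], sort_keys=True)
        expected = hmac.new(key, (prev_tag + body).encode(), hashlib.sha256).hexdigest()
        if rec["prev"] != prev_tag or not hmac.compare_digest(rec["tag"], expected):
            return i
        prev_tag = rec["tag"]
    return -1

def analyse(events, fail_threshold=3):
    """Flag users with repeated failed logins and count admin actions."""
    fails = Counter(e["user"] for e in events
                    if e["action"] == "login" and e["result"] == "fail")
    suspicious = sorted(u for u, n in fails.items() if n >= fail_threshold)
    admin_actions = [e for e in events if e["user"] == "admin" and e["action"] != "login"]
    return {"repeated_failures": suspicious, "admin_actions": len(admin_actions)}
```

Running verify_chain on a copy where one record has been altered, or one record removed, returns the position where the chain breaks, which is the traceability property the third activity asks for.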
