This paper describes the design and implementation of the University's log management system. Within this scope it also covers the collection, archiving and access of log data, the maintenance of its availability, integrity and confidentiality, and the verification of the retention period of the information generated by all systems managed by the University's IT services. All of this is set out in a technical procedure of the ISMS that applies to many entities, namely systems, hosts, critical processes, personal data and anything else whose access can generate logs. Our approach is an integrated one, which gives us the ability to manage, with a single unified strategy, the different requirements imposed by different laws and authorities. The work analyses the requirements of Regulation (EU) 2016/679 (the GDPR), of the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013, and of the Italian legislation on ICT Minimum Security Measures for Public Administration (which is directly derived from the "CIS Critical Security Controls for Effective Cyber Defense", version 6, of 2015). It then describes how to integrate these requirements into the University's Information Security Management System so that they can be managed in a coherent and centralised way.

A Unified System for Log Management Compliant with Italian Requirement of 'Minimal Measures for ICT Security' and General Data Protection Regulation

Francesco Ciclosi
2018-01-01

2018
International Association of Academicians (IAASSE) LLC
International
https://ssrn.com/abstract=3321249
Files in this record:
File: SSRN-id3321249.pdf (open access)
Description: Main article
Type: Publisher's version (published version with the publisher's layout)
Licence: DRM not defined
Size: 442.31 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11393/248278

Warning: the data displayed here have not been validated by the university.
