A Unified System for Log Management Compliant with Italian Requirement of 'Minimal Measures for ICT Security' and General Data Protection Regulation
Francesco Ciclosi
2018-01-01
Abstract
This paper describes and implements the University's log management system. Within this scope, it also describes the collection, the archiving, the accessibility, and the maintenance for availability, integrity and confidentiality, as well as the verification of the retention time, of the information generated by all systems managed by the University's IT systems. All this information is included in an ISMS technical procedure, which applies to many entities, namely systems, hosts, critical processes, personal information and everything that, through access to it, can generate logs. Our approach is an integrated one, which gives us the ability to manage, with a unified strategy, the different requirements set by different laws and authorities. The work describes the analysis of the different requirements of Regulation (EU) 2016/679, of the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013, and of the Italian legislation on ICT Minimum Measures for Public Administration (which is directly derived from the "CIS Critical Controls for Effective Cyber Defense" version 6 of 2015). It then describes how to integrate these requirements into the University's Information Security Management System, managing them in a coherent and centralized way.

File | Description | Type | Licence | Size | Format
---|---|---|---|---|---
SSRN-id3321249.pdf (open access) | Main article | Publisher's version (published with the publisher's layout) | DRM not defined | 442.31 kB | Adobe PDF