STR #3604: Add/update P2600/ISO 27001 audit events for cupsd

Status: 4 - Pending
Priority: 1 - Request for Enhancement, e.g. asking for a feature
Scope: 3 - Applies to all machines and operating systems
Subsystem: Scheduler
Summary: Add/update P2600/ISO 27001 audit events for cupsd
Version: -feature
Created By: mike
Assigned To: mike
Fix Version: Unassigned

Trouble Report Files:

mike, 07:28 Jun 11, 2010: ids-logging.pdf (69k)

Trouble Report Dialog:

mike: 07:28 Jun 11, 2010
Add or update P2600 audit events. Summary here:

    ftp://ftp.pwg.org/pub/pwg/ids/white/IEEE2600.1_audit_events.pdf

Also consider ISO 27001:

One thing to add to the "regulatory" heap is ISO 27001. Although it is not itself a regulation, it is a fairly widely used standard for security management. It has controls for audit logging and protection of logs. It says that audit logs should include, when relevant:

a) user IDs;
b) dates, times, and details of key events, e.g. log-on and log-off;
c) terminal identity or location if possible;
d) records of successful and rejected system access attempts;
e) records of successful and rejected data and other resource access attempts;
f) changes to system configuration;
g) use of privileges;
h) use of system utilities and applications;
i) files accessed and the kind of access;
j) network addresses and protocols;
k) alarms raised by the access control system;
l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.

For protection, it focuses on integrity, not confidentiality:

a) alterations to the message types that are recorded;
b) log files being edited or deleted;
c) storage capacity of the log file media being exceeded, resulting in either the failure to record events or overwriting of past recorded events.

Attached are the current PWG IDS logging slides.
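As an added illustration (not CUPS code and not part of this report), the sketch below shows one way an audit record for a cupsd-style event could carry the ISO 27001 fields listed above (user, time, event, client address and protocol, resource, outcome, privilege use) while addressing the three "protection" items: each record is HMAC-chained to its predecessor so edits or deletions are detectable, and a full log refuses new events rather than overwriting old ones. The class, field names, event names, key and capacity limit are all constructed for the example.

```python
"""Tamper-evident audit log for cupsd-style events (constructed example).

Records carry the ISO 27001 fields quoted in the STR; an HMAC chain over
the records makes edited or deleted entries detectable (protection items
a and b), and a capacity limit fails closed instead of overwriting (item c).
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

LOG_KEY = b"example-audit-key"  # constructed placeholder; keep a real key off the logging host's ACLs
MAX_RECORDS = 1000              # constructed capacity limit, illustrates item (c)
GENESIS = "0" * 64              # chain anchor for the first record


class AuditLog:
    def __init__(self, key=LOG_KEY, max_records=MAX_RECORDS):
        self.key = key
        self.max_records = max_records
        self.records = []   # list of (record_dict, mac_hex) pairs
        self.dropped = 0    # events refused because the log was full

    def _mac(self, prev_mac, record):
        # Canonical JSON so the MAC does not depend on key order or whitespace.
        body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self.key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

    def log(self, user, event, resource, outcome, client, protocol="ipp", privileged=False, ts=None):
        """Append one event; return False (and count it) when capacity is exceeded."""
        if len(self.records) >= self.max_records:
            self.dropped += 1   # item (c): never silently overwrite past events
            return False
        record = {
            "seq": len(self.records),                                  # detects deletions
            "time": ts or datetime.now(timezone.utc).isoformat(),      # item (b)
            "user": user, "event": event, "resource": resource,        # items (a), (b), (i)
            "outcome": outcome, "client": client, "protocol": protocol,  # items (d), (e), (j)
            "privileged": privileged,                                  # item (g)
        }
        prev = self.records[-1][1] if self.records else GENESIS
        self.records.append((record, self._mac(prev, record)))
        return True

    def verify(self):
        """Return the index of the first altered/missing record, or None if the chain is intact."""
        prev = GENESIS
        for i, (record, mac) in enumerate(self.records):
            if record["seq"] != i or not hmac.compare_digest(mac, self._mac(prev, record)):
                return i
            prev = mac
        return None
```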