do you maintain a procedure to verify all monitored assets are reporting logs consistently?
Do the systems supporting ‘s data provide capability to collected audit information and organizes it in a summary format that is more meaningful to analysts?
Do the systems supporting ‘s data provide alert functions?
Do the systems supportiung collect audit information (e.g. logs) into one or more central repositories?
Are you monitoring logs to detect suspicious activity?
Do you perform such monitoring on a board activity level ?
Please describe the review methodology
Does the system protect audit information and audit tools from unauthorized access, modification, and deletion?
Is access to management of audit functionality authorized only to a limited subset of privileged users?
Does the company use mechanisms across different repositories to integrate audit review, analysis, correlation, and reporting processes?