ISO/IEC 27001 Control 6.8: Information security event reporting
Control
The organization should provide a mechanism for personnel to report observed or suspected information security events through appropriate channels in a timely manner.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint provides features that can supply security event details when needed.
Implementation Details
MidPoint provides supporting capabilities that supply data about security events, making the events easier to report. MidPoint reporting capabilities, the audit trail, and information produced by policy rules can be used to provide such information. The synchronization capability can automatically detect, report and handle some security events, such as orphaned accounts. Policy rules can be used to automatically mark policy violations (such as SoD violations, or clearances), which can be reported or displayed on a dashboard. Administrators can manually mark suspicious objects, which can later be reviewed manually.
Rationale
This control focuses on mechanisms allowing users to report security events. MidPoint has strong capabilities that support security event detection. However, such detection mechanisms are not the focus of this control.