ISO/IEC 27001 Control 8.16: Monitoring activities

Control

Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint provides numerous features for monitoring identity-related configuration, and a few features that support other monitoring systems.

Implementation Details

MidPoint monitors access control data in connected systems, such as user databases, user profile data and entitlements. The retrieved data are evaluated against the access control policy to detect policy violations, orphaned accounts, and incorrect user data and entitlements. MidPoint can detect anomalies in identity and access control data, such as unused accounts or access control outliers (midPoint 4.9). Moreover, midPoint can provide essential access control information (a.k.a. "who has access to what") to other detection systems through the midPoint application programming interface (API).
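
The three kinds of finding named above (orphaned accounts, unused accounts, access control outliers) can be illustrated with a short added example; this is not midPoint code and does not reproduce midPoint's detection algorithms. The record fields, the 90-day idle threshold and the peer-share heuristic for outliers are assumptions, and the data is constructed.

```python
from collections import Counter
from datetime import date

# Constructed sample data: identity repository (owner -> department) and
# accounts read from a connected system. Hypothetical fields, not midPoint output.
IDENTITIES = {"alice": "finance", "bob": "finance", "carol": "finance", "dave": "it"}
ACCOUNTS = [
    {"login": "alice", "owner": "alice", "last_login": date(2024, 5, 28), "entitlements": {"ledger-read"}},
    {"login": "bob", "owner": "bob", "last_login": date(2024, 5, 30), "entitlements": {"ledger-read"}},
    {"login": "carol", "owner": "carol", "last_login": date(2024, 5, 29), "entitlements": {"ledger-read", "db-admin"}},
    {"login": "dave", "owner": "dave", "last_login": date(2023, 11, 2), "entitlements": {"db-admin"}},
    {"login": "svc_old", "owner": None, "last_login": date(2024, 5, 1), "entitlements": {"ledger-read"}},
]

def orphaned(accounts, identities):
    """Accounts whose owner is missing from the identity repository."""
    return [a["login"] for a in accounts if a["owner"] not in identities]

def unused(accounts, today, max_idle_days=90):
    """Accounts with no login within the last max_idle_days (assumed threshold)."""
    return [a["login"] for a in accounts if (today - a["last_login"]).days > max_idle_days]

def outliers(accounts, identities, max_peer_share=0.5):
    """(login, entitlement) pairs held by at most max_peer_share of department peers."""
    owned = [a for a in accounts if a["owner"] in identities]
    peers = Counter()    # department -> number of owned accounts
    holders = Counter()  # (department, entitlement) -> number of holders
    for a in owned:
        dept = identities[a["owner"]]
        peers[dept] += 1
        for e in a["entitlements"]:
            holders[(dept, e)] += 1
    found = []
    for a in owned:
        dept = identities[a["owner"]]
        if peers[dept] < 3:  # too few peers to call anything an outlier
            continue
        for e in sorted(a["entitlements"]):
            if holders[(dept, e)] / peers[dept] <= max_peer_share:
                found.append((a["login"], e))
    return found

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the constructed sample is reproducible
    print("orphaned:", orphaned(ACCOUNTS, IDENTITIES))
    print("unused:  ", unused(ACCOUNTS, today))
    print("outliers:", outliers(ACCOUNTS, IDENTITIES))
```

Each finding is a candidate for evaluation as a potential incident, not a verdict: the single-member "it" department is skipped by the outlier check because it has no peer baseline.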

Rationale

MidPoint is a de facto monitoring system for identity administration and access control.
