ISO/IEC 27001 Control 8.16: Monitoring activities
Control
Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint provides numerous features for monitoring identity-related configuration, and a few features to support other monitoring systems.
Implementation Details
MidPoint monitors access control data in connected systems, such as user databases, user profile data and entitlements. The retrieved data are processed according to the access control policy to detect policy violations, orphaned accounts, and wrong user data and entitlements. MidPoint can detect anomalies in identity and access control data, such as unused accounts or access control outliers (midPoint 4.9). Moreover, midPoint can provide essential access control information (a.k.a. "who has access to what") to other detection systems through the midPoint application programming interface (API).
Rationale
MidPoint is a de facto monitoring system for identity administration and access control.
Related Features
Related Controls
- ISO/IEC 27001 5.25: Assessment and decision on information security events
- ISO/IEC 27001 5.26: Response to information security incidents
- ISO/IEC 27001 5.24: Information security incident management planning and preparation
- ISO/IEC 27001 5.36: Compliance with policies, rules and standards for information security