• Products
    LOG COLLECTOR
    NXLog Enterprise Edition
    Full feature multi-platform log collection
    NXLog Community Edition
    Open-source free log collector
    ADD-ONS FOR NXLOG ENTERPRISE EDITION
    NXLog Add-Ons
    Integration with various software
    AGENT MANAGER FOR NXLOG ENTERPRISE EDITION
    NXLog Manager
    Manage and monitor NXLog instances
    NXLog Minder
    Hyper-scalable, API-first agent management
    DATABASE FOR NXLOG ENTERPRISE EDITION
    Raijin Database Engine
    The schemaless SQL database for storing events
    more from nxlog
    Professional Services
    Compare NXLog EE and CE
  • Downloads
    NXLog Enterprise Edition
    Full feature multi-platform log collection
    NXLog Manager
    Manage and monitor NXLog instances
    NXLog Community Edition
    Open-source free log collector
  • Solutions
    Integrations
    With SIEM, Devices, SaaS...
    Specfic OS support
    AIX, Linux, FreeBSD
    SCADA/ICS
    Energy, Oil & Gas, Transport...
    Windows Event log
    Collect locally or remotely, ..
    DNS Logging
    Enterprise-grade DNS log...
    Log Collection Modes
    Agent-based, Agentless or Cloud
    Agent Management
    Agents management and monitoring
    FIM
    File Integrity Monitoring
    macOS Logging
    ULS events, Apple System Logs ...

    By Industry

    Financial Services
    Government & Education
    Entertainment & Gambling
    Telecommunications
    Medical & Healthcare
    Military & Defense
    Law Firms & Legal Counsel
    Industrial & Manufacturing
  • Partners
    Find a Reseller
    Look for our resellers worldwide
    Technology Ecosystem
    See all our partners and integrations
    Partner Program
    Join our community of partners
  • Resources
    Documentation
    Products guides and integrations
    Blog
    Tutorials, updates and releases
    White papers
    Datasheets, infographics and more
    Videos
    Trainings and tutorial on specific topics
    Webinars
    Community events and webinars
    Community Forum →
  • Support
  • Why Nxlog
    About Us
    Our journey, team and mission
    Customers
    Testimonials and case studies
    Careers
    We are hiring!
    Contact Us →
Log In Sign Up
Request Trial
LOG COLLECTOR
NXLog Enterprise Edition
Full feature multi-platform log collection
NXLog Community Edition
Open-source free log collector
ADD-ONS FOR NXLOG ENTERPRISE EDITION
NXLog Add-Ons
Integration with various software
AGENT MANAGER FOR NXLOG ENTERPRISE EDITION
NXLog Manager
Manage and monitor NXLog instances
NXLog Minder
Hyper-scalable, API-first agent management
DATABASE FOR NXLOG ENTERPRISE EDITION
Raijin Database Engine
The schemaless SQL database for storing events
more from nxlog
Professional Services
Compare NXLog EE and CE
NXLog Enterprise Edition
Full feature multi-platform log collection
NXLog Manager
Manage and monitor NXLog instances
NXLog Community Edition
Open-source free log collector
Integrations
With SIEM, Devices, SaaS...
Specfic OS support
AIX, Linux, FreeBSD
SCADA/ICS
Energy, Oil & Gas, Transport...
Windows Event log
Collect locally or remotely, ..
DNS Logging
Enterprise-grade DNS log...
Log Collection Modes
Agent-based, Agentless or Cloud
Agent Management
Agents management and monitoring
FIM
File Integrity Monitoring
macOS Logging
ULS events, Apple System Logs ...

By Industry

Financial Services
Government & Education
Entertainment & Gambling
Telecommunications
Medical & Healthcare
Military & Defense
Law Firms & Legal Counsel
Industrial & Manufacturing
Find a Reseller
Look for our resellers worldwide
Technology Ecosystem
See all our partners and integrations
Partner Program
Join our community of partners
Documentation
Products guides and integrations
Blog
Tutorials, updates and releases
White papers
Datasheets, infographics and more
Videos
Trainings and tutorial on specific topics
Webinars
Community events and webinars
Community Forum →
About Us
Our journey, team and mission
Customers
Testimonials and case studies
Careers
We are hiring!
Contact Us →
Request trial
  • Loading...
Request Trial
May 2, 2023 strategysecurity

CISO starter pack - Security Policy

By Jonathan King

Share
ALL SIEM STRATEGY SECURITY ANNOUNCEMENT DEPLOYMENT COMPLIANCE COMPARISON RSS
security policy

The three characteristics your data must possess at all times, as dictated by your IT Security Policy, are:

  • It must be confidential

  • It must be available and

  • It must not have any unauthorized modifications

Your log policy will only be as good as the IT Security policy infrastructure behind it. And as much as we love talking about logs, that’s part of a more considerable general discussion about security policies. Therefore, as more and more consumers turn to digital processing, organizations must understand the importance of having a security policy. A proper one balances the need between business requirements and security needs but addresses the need for compliance and reporting. The topics contained therein must be free of jargon, easy to understand, and freely distributed throughout the company. Lastly, follow-up assurance training must ensure employees have a solid understanding of the company’s security posture. Developing and maintaining this proactive approach is crucial for surviving a cyber security attack.

This policy’s just right

A wise man once said a computer network is 100% secure…​until you add the human element. It’s easy to lock everything down, but business continuity would suffer if employees couldn’t perform basic tasks. Conversely, running without an IT Security Policy is effortless, but business continuity would suffer in the first critical incident. Therefore, the best policies land you right in the middle, like it’s the best bowl of porridge you’ve ever had. A clear understanding of the business requirements is critical to developing processes that can control and secure them. Interviews with as many people as possible will give you the greatest clarity on the exact business requirements. More than one person or department may have special needs or knowledge about these.

Once you know what the business requires, you can implement processes by following the principle of least privilege (PLP). PLP is where you only grant as much permission as needed to get job requirements accomplished. If Joe Schmo needed access to Sales but not accounting, you wouldn’t hand him an accounting key. The same theory applies to PLP but with computer files and folders. You’d make it so that Joe can access the Sales files, not Susan’s payroll. Developing these processes is much easier once you know the requirements of the business.

Zone defense

As you build out these controls, you’ll make decisions on a larger scale, potentially impacting a significant subset of employees. Examples include allowing or blocking certain websites on business networks, which affects everyone in the company. Whenever you need to make a decision that impacts a large user base, it’s essential to categorize or generalize as much as possible. For example, do it by category if you need to filter internet requests. By implementing business processes generally and with PLP, you’ll improve at balancing business needs with security requirements. However, if no one understands or interprets the IT security policy, this will be for nothing.

Jargonna-be-kidding me

If you know anyone in IT, you know sometimes they can accidentally begin speaking…​technical. We can’t help; it starts with talking about USBs and ends with a theoretical approach to network management. You can see the glaze rolls over their eyes like a wave when it becomes technical. A similar reaction occurs when a security policy begins tossing around jargon and technical terms. Ensuring your security policy is free of technical terms, or includes a glossary, is critical. Once employees can translate what they’re reading to their daily tasks, security adoption becomes easier. First, they must read it, and administrators must ensure this happens.

A security policy is no good if no one reads it. When disaster strikes, vulnerability scans, acceptable use, incident response, and disaster recovery are not policies you want to read. Ensuring employees and staff clearly understand this policy is just as important as the effort to make it. Buy-in from department heads and managers sets a strong tone for others to follow. Stakeholders mentioned within it should note that they may have special tasks they need to perform. This goes with not using jargon in your policy and translating the security requirements in layman’s terms. No one will read it if no one can understand it, which will directly impact your overall security posture. How, then, does one communicate and translate the policy elements in a way everyone understands? Games.

May the odds be ever in your favor

Ok, we’re not talking about zoned districts but tabletop exercises for your employees. When discussing tabletop exercises for your organization, we’re referring to your incident response plan. As riveting as it may be to walk through your acceptable use policy, it may not have the desired effect. Tabletop exercises are scenarios written to walk employees through your incident response plan. Therefore, these exercises reflect the existing policies in your security policy as they are in your environment. Think of it like a dungeon and dragons game; instead of paladins and fire blasts, you have hackers and phishing attacks. Administrators explain the situation, and the employees react based on their knowledge. They can ask questions, and the administrator will respond to progress the exercise. Afterward, it’s essential to review what happened and make any changes to the policy if needed. You may need to change roles or positions, or you may need to change how you respond to a specific situation. These exercises aim to flesh out these sorts of changes before danger hits. Once finished, the reading and education process must loop again to ensure everyone is aware of the changes. 

What about log collection?

Policies are translated business requirements placing constraints on the environment. Log collection is part of a set of critical underlying processes helping secure the three core tenants of cybersecurity: confidentiality, availability, and integrity. When investigators begin looking into incidents, they’re looking for non-repudiated data or data containing proof of origin. Non-repudiated data has integrity, as you cannot dispute the source. As long as the data is stored securely and available to all investigators, it checks the 'cybersecurity' proverbial checkbox. Log data helps ensure these characteristics exist; it’s up to the CISO to use this data effectively.

GET STARTED TODAY:
CONTACT US Our experts are happy to help REQUEST A FREE TRIAL Give NXLog Enterprise Edition a try GET PRICING Request a quote

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.

  • CISO starter pack
Share

Facebook Twitter LinkedIn Reddit Mail
Related Posts

Top 5 security concerns revealed with DNS logging
4 minutes | July 1, 2021
NXLog - 2022 in review
4 minutes | December 22, 2022
The EU's response to cyberwarfare
4 minutes | November 22, 2022

Stay connected:

Sign up

Keep up to date with our monthly digest of articles.

By clicking singing up, I agree to the use of my personal data in accordance with NXLog Privacy Policy.

Featured posts

Raijin announces release of version 1.1
May 30, 2023
CISO starter pack - Security Policy
May 2, 2023
Announcing NXLog Enterprise Edition 5.8
April 24, 2023
CISO starter pack - Log collection fundamentals
April 3, 2023
Raijin announces release of version 1.0
March 9, 2023
Avoid vendor lock-in and declare SIEM independence
February 13, 2023
Announcing NXLog Enterprise Edition 5.7
January 20, 2023
NXLog - 2022 in review
December 22, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
November 23, 2022
The EU's response to cyberwarfare
November 22, 2022
Looking beyond Cybersecurity Awareness Month
November 8, 2022
GDPR compliance and log data
September 23, 2022
NXLog in an industrial control security context
August 10, 2022
Raijin vs Elasticsearch
August 9, 2022
NXLog provides native support for Google Chronicle
May 11, 2022
Aggregating macOS logs for SIEM systems
February 17, 2022
How a centralized log collection tool can help your SIEM solutions
April 1, 2020

Categories

  • SIEM
  • STRATEGY
  • SECURITY
  • ANNOUNCEMENT
  • DEPLOYMENT
  • COMPLIANCE
  • COMPARISON
logo

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2023 NXLog Ltd.

PRIVACY POLICY TERMS OF USE

  • PRODUCTS

  • NXLOG ENTERPRISE EDITION
  • NXLOG COMMUNITY EDITION
  • NXLOG ADD-ONS
  • NXLOG MANAGER
  • NXLOG MINDER
  • RAIJIN DATABASE
  • MORE NXLOG

  • COMPARE SOLUTIONS
  • INDUSTRIES
  • INTERGRATIONS
  • FIND A RESELLER
  • PARTNER PROGRAM
  • RESOURCES

  • DOCUMENTATION
  • WHITE PAPERS
  • WEBINARS
  • TUTORIALS
  • BLOG
  • COMMUNITY FORUM
  • ABOUT US

  • WHY NXLOG
  • CUSTOMERS
  • CAREERS
  • CONTACT US
  • DOWNLOADS

  • NXLOG ENTERPRISE EDITION
  • NXLOG COMMUNITY EDITION
  • NXLOG MINDER
  • NXLOG MANAGER
  • NXLOG ADD-ONS
  • RAIJIN DATABASE