Search
Updated on January 26, 2024

LOG-9 Unauthorized Access Monitoring

Estimated reading: 2 minutes 1150 views

What is LOG-9 Unauthorized Access Monitoring Control about?

Unauthorized Access Monitoring control is about monitoring your organization’s infrastructure to ensure that unauthorized access is prevented. Any access to a system, network, application, or database that violates the stated security policy is considered unauthorized access. Unauthorized access is also when legitimate users access a resource that they do not have permission to use.

The preventive measures include using tools such as Privilege Account Monitoring (PAM) or Wireless Access Monitoring to scan the environment for unauthorized access from personnel, applications, devices, networks, etc.

There are no mandatory tools or methods to use, as long as you can demonstrate a way to track and scan the environment and take action based on the results.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Tools
ManageEngine
BeyondTrust

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A: No template recommendation

Control implementation

To implement this control,

A tool is required for this control. Ensure that these steps are taken into account as part of implementation:

  1. Enable temporary privilege escalation.
  2. Enable tracking of assets and privileges granted.
  3. Enable attribute-based access control.
  4. Monitor the assignment of privileges versus usage.
  5. Enable zero trust everywhere.
  6. Enable the audit trail.
  7. Enable monitoring and alerts.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. A screenshot from the monitoring tool dashboard

Evidence example

For the suggested action, an example is provided below:

  1. A screenshot from the monitoring tool dashboard.
    The following screenshot shows the monitoring tool dashboard of the PAM tool.
    LOG 9 Unauthorized Access Monitoring

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR