JC

CIS Control 3.14 Log Sensitive Data Access

The Center for Internet Security Controls or #CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of #Cybersecurity controls.

Safeguard 3.14 is the final safeguard of Control 3, and is the only safeguard that has the security function for detection. We've outlined the data process and data inventory, retention and how to dispose of data securely, data flows and encryption. It's only fitting that Safeguard 3.14 will call for logging of sensitive data access, including the modification and disposal of data.

Logging all actions involving sensitive data, including access, modification and disposal, is vital to prompt detection and response to malicious activity. Data access logs can also be helpful for post-attack investigations and analyses, and for holding culprits accountable.

On Windows File Server you can audit file access events by going to the properties of the target folder/file, security > advanced, auditing, add, and set the audit permissions you want to log. This is not enabled by default, so if you don't know set it, you're not getting these logs.

There are also a number of tools out there that can scan your files and track the changes both within Windows Servers and cloud storage as well.

Like Safeguard 3.13, 3.14 is only required if you are looking to achieve Implementation Group 3, but like many that aren't required for Implementation Group 1 this is one that you should consider enabling for the folders and files that contain your sensitive data. If you have the drive space for the logs, collecting the data will only help you if you need to do an audit or look to identify security breaches.

Get a summary of all of CIS Control Safeguards 1-3 we've reviewed here at https://lnkd.in/eW5UBTxf and stay tuned as we start to dive into Control 4 on Securing Configuration and Enterprise assets and software.

Join the conversation - https://www.linkedin.com/posts/scottintech_ciscontrols-cybersecurity-ciscontrol-activity-7089298477649641472-t3ul?utm_source=share&utm_medium=member_desktop

Recent Posts

Cybersecurity and data security impacts each and every one of us.  It is our responsibility to do what we can to protect both our own data but also those who have trusted you with access to their data.

Current Ventures

Contact Info

717.884.9030

Scott@ScottRDavis.com

Connect With Scott

 

© 2023 Scott R Davis, All Rights Reserved