Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ISO/IEC27000: Change Control Management

by Cody Dumont
June 20, 2016

Changes across network devices, files, and security policies happen daily within an organization. Without proper change control policies in place, organizations can increase in network disruptions, misconfigured devices, and privilege creep among internal users. This report will help organizations to better understand where changes are occurring across network files, policies, and devices.

The ISO/IEC 27002:2013 provides a framework that can be used to develop and enhance information security policies for any organization. Each security control and objective provided within the standard can be tailored to specific business and regulatory objectives, and assist with maintaining overall compliance. This report aligns with the ISO/IEC 27002 12.1.2 and 12.5.1 controls, which can provide organizations with the latest information on network changes across the enterprise.

Proper change control policies can help organizations identify when a change was made, the type of change, and on what host. By definition, change control management is a formal process to ensure that proposed changes will not disrupt systems, users, and services. Organizations should forward all event logs from network devices to the Log Correlation Engine (LCE), which will monitor and collect the latest information on changes throughout a network. Changes can include software upgrades, firewall policy modifications, user privilege changes, and more. Monitoring changes on critical infrastructure devices can help to reduce unauthorized or improper changes that could severely impact critical network services. Having the latest information on network changes can help analysts quickly identify which users and hosts were involved by the change.

The chapters within this report utilize LCE in obtaining the latest information on network change events. Monitoring configuration changes will alert analysts to any unauthorized changes that could result in network outages or misconfigured devices and servers. Event information on password changes, group changes, and privilege change events are included. The Change Events chapter reports on the latest change events collected from network devices. Top change events from Windows, Linux, and UNIX hosts will report on registry changes, domain, and software updates. Software changes present information on software that has been installed, removed, and software application error events.

This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The report requirements are:

  • Tenable.sc 5.2.0
  • LCE 6.0.0
  • Log Correlation Engine Clients

Tenable.sc Continuous View (CV) provides continuous network monitoring, vulnerability identification, risk reduction, and compliance monitoring. Nessus is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits. NNM and Nessus both have the capability to discover operating systems, software, network devices, hypervisors, databases, tablets, phones, servers, and other critical assets. Tenable.sc CV allows for the most comprehensive and integrated view of network changes.

Chapters

Executive Summary: The Executive Summary chapter will alert analysts to configuration changes on network devices and servers. Each chapter will include event information on password changes, group changes, privilege change events, and more. Organizations can use the information provided within this report to reduce and prevent unauthorized or unknown changes, which can be beneficial in strengthening existing security policies. This report aligns with the ISO ISO/IEC 27002 12.1.2 and 12.5.1 controls, which can provide organizations with the latest information on network changes across the enterprise.

Change Events: The Change Events chapter reports on the latest change events collected from network devices. This chapter includes change event information from commonly used firewall, IPS, and IDS network devices. Other elements include change events from Windows, Linux, and UNIX hosts. This information will report on registry changes, domain, and software updates. This chapter will also present information on file change events across the network.

Software Change Events: The Software Change Events chapter presents information on software change events on network hosts. Each table provides a count for the top 20 software change events. This information will alert analysts to possible unauthorized software installations, updates, and removal events. The tables within this chapter can provide valuable information organizations can use to identify and secure gaps within existing security policies.

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.