I am currently wading through our self-assessment questionnaire and am struggling with point 12.9.3 - "Designate specific personnel to be available on a 24/7 basis to respond to alerts". Is anyone actually complying with this in the fullest sense? For us, it simply isn't practical to have someone on call around the clock, nor do we have a system to trigger an alert in the middle of the night!
Does anyone have any suggestions of how to deal with this requirement?
Catherine
You need only have someone who has a cell phone. All of the IT people carry them, so in essence we have designated someone to be available 24/7 to respond to an alert. This is oversimplified, but I would be happy to talk to you more.
Thanks,
Dave Alton
CIO
Center Theatre Group
Thanks Dave.
How do your IT team know that there has been a breach though? If that happened at 2am would some automatic alert go to their cell phone? Or is it still a case of waiting until you open up the next morning?
Hope you don't mind if I jump in.
We have purchased SIEM (security event and information monitoring) software to fulfill how we read requirement 10.6: "Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS)."
We believed that it would be impossible for anyone here to review all our logs every day so chose a logging/monitoring tool to do so. With this tool we can set alerts to send to text or email which also then fulfills the 24/7 response requirement.
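The mechanism the post above describes (a monitoring tool that reviews the logs so a person does not have to, and pages someone when a rule fires) as an added example, not code from the original thread or from any SIEM product. It is a small Python script that parses constructed sshd-style authentication log lines (the log format, hostnames, users and addresses are all assumptions made for the demo), computes the per-host counts a daily review would look at, applies two sliding-window rules (a burst of failed logins from one source, and a successful login from a source that had just been failing), and hands each alert to a `send` callback that stands in for a hypothetical SMS or e-mail gateway:

```python
"""Minimal log-review and alerting logic of the kind a SIEM rule encodes.
Added example; log format and sample data are constructed for the demo."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style syslog lines (ISO timestamps); not real data.
SAMPLE_LOG = """\
2024-03-10T02:13:05 web1 sshd[3101]: Failed password for root from 203.0.113.7 port 50001 ssh2
2024-03-10T02:13:09 web1 sshd[3102]: Failed password for root from 203.0.113.7 port 50002 ssh2
2024-03-10T02:13:14 web1 sshd[3103]: Failed password for invalid user admin from 203.0.113.7 port 50003 ssh2
2024-03-10T02:13:20 web1 sshd[3104]: Failed password for root from 203.0.113.7 port 50004 ssh2
2024-03-10T02:13:27 web1 sshd[3105]: Failed password for root from 203.0.113.7 port 50005 ssh2
2024-03-10T02:13:33 web1 sshd[3106]: Failed password for root from 203.0.113.7 port 50006 ssh2
2024-03-10T02:14:01 web1 sshd[3107]: Accepted password for backup from 203.0.113.7 port 50007 ssh2
2024-03-10T09:15:02 web1 sshd[2201]: Accepted password for alice from 192.0.2.10 port 51022 ssh2
2024-03-10T14:40:11 web1 sshd[2377]: Failed password for bob from 198.51.100.5 port 40211 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_auth_events(text):
    """Turn raw log text into a list of authentication event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an sshd line
        a = AUTH_RE.search(m["msg"])
        if not a:
            continue                      # sshd line that is not an auth result
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "user": a["user"],
            "ip": a["ip"],
            "ok": a["result"] == "Accepted",
        })
    return events


def daily_summary(events):
    """Per-host counts a reviewer would scan during the daily log review."""
    summary = defaultdict(lambda: {"accepted": 0, "failed": 0, "source_ips": set()})
    for ev in events:
        s = summary[ev["host"]]
        s["accepted" if ev["ok"] else "failed"] += 1
        s["source_ips"].add(ev["ip"])
    return dict(summary)


def detect_alerts(events, threshold=5, window_seconds=300):
    """Two sliding-window rules, evaluated in timestamp order:
    brute_force: at least `threshold` failures from one IP within the window
      (fires once per burst, not on every further failure);
    success_after_failures: an accepted login from an IP with 3 or more
      failures still inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    fired = set()                 # ips whose current burst already alerted
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures that aged out of the window
        if not q:
            fired.discard(ev["ip"])   # burst is over; a new one may alert again
        base = {"host": ev["host"], "ip": ev["ip"], "user": ev["user"], "ts": ev["ts"]}
        if ev["ok"]:
            if len(q) >= 3:
                alerts.append({**base, "rule": "success_after_failures", "severity": "high",
                               "count": len(q),
                               "detail": f"accepted login for {ev['user']} after {len(q)} failures"})
            continue
        q.append(ev["ts"])
        if len(q) >= threshold and ev["ip"] not in fired:
            fired.add(ev["ip"])
            alerts.append({**base, "rule": "brute_force", "severity": "medium", "count": len(q),
                           "detail": f"{len(q)} failed logins within {window_seconds}s"})
    return alerts


def format_page(alert):
    """One-line message suitable for an SMS or e-mail gateway."""
    return (f"[{alert['severity'].upper()}] {alert['rule']} host={alert['host']} "
            f"ip={alert['ip']} {alert['detail']} at {alert['ts'].isoformat()}")


def dispatch(alerts, send=print):
    """Hand each alert to `send`, a stand-in for a hypothetical pager/SMS/e-mail hook."""
    for a in alerts:
        send(format_page(a))
    return len(alerts)


if __name__ == "__main__":
    evs = parse_auth_events(SAMPLE_LOG)
    print(daily_summary(evs))
    dispatch(detect_alerts(evs))
```

The `fired` set is what keeps the 2 a.m. pager from buzzing once per failed attempt: a burst raises one page, and only a fresh burst after the window has emptied raises another. Tuning `threshold` and `window_seconds` is the usual trade-off between waking someone for nothing and missing a slow, spread-out attempt; the second rule is there because a success following a run of failures is the case worth a page regardless of threshold.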