2023 IT Examiner School

Internal Use Only

System Security

Session Timeouts (screen lock)

Password Complexity & Reuse

Logging / Audit Trail

Anti-Virus / Anti-Malware

Internal Use Only

Event Logging Event logging provides audit trails and feedback to evaluate & gauge the effectiveness of controls The success of logging depends on what is logged, log filter capabilities & key personnel under-standing what the information means Institutions should have systems for detecting irregular or suspicious activity Security Incident & Event Monitoring (SIEM)

• Aggregation • Correlation • Log integrity • Rulesets • Alerting • Forensics