GDPR Access Controls: Look at How You Manage Permissions. SureLog SIEM Implementation for Access Control Monitoring
GDPR requires organizations to gain explicit permission for any personal data use beyond the original intended purpose.
What permissions do you have for the data you currently hold? What changes will the organization need to make to make consent a priority?
For example, if a new employee is hired or if a new customer signs up, the organization needs to understand which access controls will be applied and how to monitor and report.
GDPR also requires organizations to understand what personal data is held, who has access to it, and whether that access is allowed.
For example, organizations need to create a rule that monitors for specific usernames logging into unapproved hostnames. We will implement this rule with SureLog SIEM.
Step 1: We will create an approved users list
192.168.1.8 -> {Ertugrul,Ali,Osman}
192.168.1.2 -> {Ayse,Hakan}
192.168.1.5 -> {Sinan, Mehmet}
192.168.1.7 -> {Muharrem}
Step 2: We will create a rule to check whether the authenticated user is in this approved list
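The logic of Steps 1 and 2, sketched in Python as an added example; it is not SureLog rule syntax or code from the product. The log line layout and the sample events are constructed, and two behaviours are assumptions: hosts without an approved list raise an alert, and usernames are compared case-insensitively.

```python
import re

# Step 1 list from the page: host IP -> usernames approved to log in there.
APPROVED = {
    "192.168.1.8": {"Ertugrul", "Ali", "Osman"},
    "192.168.1.2": {"Ayse", "Hakan"},
    "192.168.1.5": {"Sinan", "Mehmet"},
    "192.168.1.7": {"Muharrem"},
}

# Constructed sample events; the key=value layout is an assumption, not SureLog's format.
SAMPLE_EVENTS = [
    "2024-05-01T09:00:01Z event=login outcome=success user=Ali dst=192.168.1.8",
    "2024-05-01T09:02:10Z event=login outcome=success user=Hakan dst=192.168.1.8",
    "2024-05-01T09:03:44Z event=login outcome=failure user=Sinan dst=192.168.1.7",
    "2024-05-01T09:05:00Z event=login outcome=success user=ayse dst=192.168.1.2",
    "2024-05-01T09:07:30Z event=login outcome=success user=Osman dst=192.168.1.9",
    "malformed line without fields",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Return the key=value fields of a login event, or None for anything else."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("event") != "login" or not {"user", "dst", "outcome"} <= set(fields):
        return None
    fields["time"] = line.split(" ", 1)[0]
    return fields

def check_login(fields, approved=APPROVED):
    """Step 2: return an alert reason for an authenticated but unapproved user, else None."""
    if fields["outcome"] != "success":
        return None  # the rule concerns authenticated users only
    allowed = approved.get(fields["dst"])
    if allowed is None:
        return "host has no approved list"  # assumption: unlisted hosts alert
    # Assumption: usernames compare case-insensitively.
    if fields["user"].casefold() not in {u.casefold() for u in allowed}:
        return "user not approved for host"
    return None

def find_violations(lines):
    """Run the rule over raw log lines and collect (time, user, host, reason) alerts."""
    alerts = []
    for line in lines:
        fields = parse_event(line)
        reason = check_login(fields) if fields else None
        if reason:
            alerts.append((fields["time"], fields["user"], fields["dst"], reason))
    return alerts
```

Calling `find_violations(SAMPLE_EVENTS)` flags Hakan on 192.168.1.8 and the login to the unlisted host 192.168.1.9, and ignores the failed attempt and the malformed line.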
Monitoring both authorized and unauthorized access to sensitive data is essential to early data breach detection. Visibility is key.
Unauthorised access also includes accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of personal data transmitted, stored or otherwise processed. [Articles 4, 5, 23, 32]
Ultimately, a big part of being GDPR compliant when it comes to access control is understanding who has access to your data and actually controlling that access. You need to ensure that personal data is not made accessible to those who do not need it.
Access control monitoring with SureLog SIEM correlation rules is easy and efficient. It is easy to monitor access controls to
- Fileservers
- Servers
- Devices (Firewalls, Switches …)
- Databases
- etc.
with correlation rules in real time with notifications like
- Monitor for specific usernames logging into unapproved fileservers
- Monitor for specific usernames logging into unapproved databases
- Monitor for specific usernames accessing unapproved database tables
- Monitor for specific usernames logging into unapproved firewalls
- Monitor for specific usernames logging into unapproved switches
- etc.