Log and Monitor All Access to the Scope
1. Processes and mechanisms for logging and monitoring all access to system components are defined and documented.
2. Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
3. Audit logs are protected from destruction and unauthorized modifications.
4. Audit logs are reviewed to identify anomalies or suspicious activity.
5. Audit log history is retained and available for analysis.
6. Time-synchronization mechanisms support consistent time settings across all systems.
7. Failures of critical security control systems are detected, reported, and responded to promptly.
Overview
Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of logs on all system components and in the scope allows thorough tracking, alerting, and analysis when something does go wrong. Determining the cause of a compromise is difficult, if not impossible, without system activity logs. This requirement applies to user activities, including those by employees, contractors, consultants, internal and external vendors, and other third parties (for example, those providing support or maintenance services).