Closed mstanton1 closed 2 months ago
To send an email to Thor and Patrick Wei to determine if there are existing audit processes within BC Registries (e.g. director search) that we could leverage. The primary need is the ability to document what audit will be in place for the PIA and then to take that information and create tickets under our Audit epic.
@Apt766525 can you add any additional information from #17541 into this ticket, and then close that ticket?
Have updated the description of the ticket based on #17541
User level monitoring is in place, with the exception of operational purposes (database access) which a ticket has been created for. A ticket has also been created to consider a yearly Registrar's review. No further BA work is required on this task.
As per the first review of the STRA it was advised that oversight in audit log reviews could leave the system open to undetected breaches. It is recommended we "Implement automated and regular audit log reviews to properly detect and address security incidents.
Requirements
Additional Opportunities
19956 created to review if there is value in a yearly Registrars review
22099 created to implement a process for monitoring user access in the database