Operations Security (R5)

[mstanton1]

As per the first review of the STRA it was advised that oversight in audit log reviews could leave the system open to undetected breaches. It is recommended we "Implement automated and regular audit log reviews to properly detect and address security incidents.

Requirements

• record access at a user level
• record items searched and search results retrieved for each search
• for competent authority search a designated administrator will be able to run adhoc reports
• 1-2 designated technical/administrative staff will have permissions to set up and run the access report. Review of this approach will be required after go-live if call volumes necessitate additional access being granted.

Additional Opportunities

• SBC Connect could provide additional logging at a platform level. RAID #431 has been created for review.

• 19956 created to review if there is value in a yearly Registrars review

• 22099 created to implement a process for monitoring user access in the database

[mstanton1]

To send an email to Thor and Patrick Wei to determine if there are existing audit processes within BC Registries (e.g. director search) that we could leverage. The primary need is the ability to document what audit will be in place for the PIA and then to take that information and create tickets under our Audit epic.

[mstanton1]

@Apt766525 can you add any additional information from #17541 into this ticket, and then close that ticket?

[Apt766525]

Have updated the description of the ticket based on #17541

[mstanton1]

User level monitoring is in place, with the exception of operational purposes (database access) which a ticket has been created for. A ticket has also been created to consider a yearly Registrar's review. No further BA work is required on this task.