The capture and review of security-relevant events from systems, applications, and devices to detect anomalies and support incident investigation.
Logging and monitoring is the systematic capture of security-relevant events (logins, file access, configuration changes, failed authentication, privilege escalations) from systems, applications, devices, and cloud services, plus the periodic review of those logs for anomalies. The FTC Safeguards Rule requires monitoring of authorized user activity and detection of unauthorized access (16 CFR 314.4(c)(8)). Logs must be retained long enough to support incident investigation, typically a minimum of 90 days but often a year or more.
After a breach, logs are the only way to determine scope: which accounts were used, which files were accessed, how long the attacker was inside. Without logs, the firm must assume the worst and notify the broadest possible set of clients. Without monitoring, anomalous activity is not caught until a third party (a client, a vendor, or the FBI) reports it.
The Compliance Event Monitoring module handles this for your firm, personalized to your software, team size, and state requirements.
Ongoing automated monitoring of systems for security threats, misconfigurations, and policy violations, as an alternative to periodic testing.
A documented set of procedures your firm follows when a data breach or security incident occurs.
Technical and administrative measures that limit who can access which systems and data, based on the principle of least privilege.