A system must be in place to identify unauthorized access
of IT systems/data or abuse of policies and procedures
including improper access of internal systems or external
websites and tampering or altering of business data by
employees or contractors. All violators must be subject to
appropriate disciplinary actions.
So this means that log files have to be kept and analyzed. An audit log of file accesses has to be kept.
The log analyzer should be real-time so that alerts can be generated 24×7.
This also means that there has to be a way of managing access rights.
You would need to know that John has access to a folder, but only from his desktop during business hours; any other attempt could be an issue.
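The access rule described above (John, one folder, his desktop, business hours), expressed as a check that a log analyzer could run over file-access audit entries. This is an added example, not code from any product named on this page; the log line format, host names, folder path, the Mon-Fri 08:00-18:00 window and the default-deny fallback are assumptions.

```python
from datetime import datetime, time

# Hypothetical rule set: (user, folder prefix) -> permitted hosts and hours.
# Mon-Fri 08:00-18:00 as "business hours" is an assumption of this example.
POLICY = {
    ("john", "/finance/"): {"hosts": {"JOHN-DESKTOP"}, "days": range(0, 5),
                            "start": time(8, 0), "end": time(18, 0)},
}

# Constructed sample audit-log lines (not taken from a real system).
SAMPLE_LOG = """\
2024-03-04T10:15:00 user=john host=JOHN-DESKTOP path=/finance/q1.xlsx action=read
2024-03-04T23:40:12 user=john host=JOHN-DESKTOP path=/finance/q1.xlsx action=write
2024-03-05T11:02:45 user=john host=KIOSK-07 path=/finance/q1.xlsx action=read
2024-03-09T09:30:00 user=john host=KIOSK-07 path=/finance/q1.xlsx action=read
2024-03-05T14:00:00 user=mary host=MARY-LAPTOP path=/finance/q1.xlsx action=read
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def check_event(event, policy=POLICY):
    """Return the reasons an access breaks policy; an empty list means allowed."""
    for (user, folder), rule in policy.items():
        if event["user"] == user and event["path"].startswith(folder):
            reasons, ts = [], event["ts"]
            if event["host"] not in rule["hosts"]:
                reasons.append("unapproved host")
            in_hours = rule["start"] <= ts.time() < rule["end"]
            if ts.weekday() not in rule["days"] or not in_hours:
                reasons.append("outside business hours")
            return reasons
    return ["no access rule for this user and folder"]  # assumed default deny

def analyze(log_text):
    """Return (event, reasons) for every log line that should raise an alert."""
    events = (parse_line(ln) for ln in log_text.splitlines() if ln.strip())
    checked = ((e, check_event(e)) for e in events)
    return [(e, r) for e, r in checked if r]

if __name__ == "__main__":
    for event, reasons in analyze(SAMPLE_LOG):
        print(event["ts"].isoformat(), event["user"], event["host"], "; ".join(reasons))
```

Timestamps are compared as written in the log, so the devices feeding the log server need synchronized clocks and a known time zone for the business-hours test to be meaningful.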
A log server and a log analyzer are required elements. All devices need to be configured to transmit log entries to the log server in real-time. SolarWinds does have some programs for this. There are also open source programs available.
Proprietary systems also need to contribute to the log files in some manner.
The MoveItNow Suite logs issues within the database and does not send events to other servers; this includes logon attempts. It has an internal audit trail for data changes that can be queried by anyone with access rights to the database.