Security Monitoring and Logging Policy

Security Classification: Public
Version: 1.1 (May 2025)

Security Monitoring and Logging

This document describes Security Monitoring and Logging within the context of the KX organization. The policy applies to KX environments, including those utilizing the Cloud.

Overview

A number of reports and logs need to be reviewed on a recurring basis, and this policy outlines them. The Logging Management Standard provides specific requirements.

Tools & Reports

Below is the list of Tools and Reports / Log items which MUST be reviewed:

  • Logging Tool Reports (SIEM platform or an equivalent logging tool)
    • These are reports that are run on the logging tool from the security audit records sent from the KX platform / systems (including for the Cloud)
  • Logging Tool Alerts (or an equivalent logging tool)
    • These are defined alerts in the logging tool which indicate a security issue.
  • IAM access control MFA authenticator tool
    • These are defined in the Authenticator Tool which provides secure authentication to the access environment.
  • Vulnerability Scanning Reports (Nessus or an equivalent vulnerability scanning tool)
    • These are reports on web applications, API and network scans of machines in the KX network and Cloud businesses.
  • Firewall reports (an industry standard firewall tool)
    • These are reports from the KX firewalls and those used in the Cloud business.

NOTE: The policy document describes what policy requirements need to be met but it does not describe details on procedures or work instructions. Please see related standards and technical documents for additional detail.

Business Risk

Inconsistent system security monitoring and unresolved deviations could result in:

  • New threats and vulnerabilities not being identified on an ongoing basis, which is needed to ensure applications are protected against known attacks.
  • Systems and/or services which could be exploited to expose KX and/or KX customer intellectual information, or be made vulnerable to denial of service attacks.
  • Customers finding issues before KX does.
  • Failure to be compliant with required standards.

Scope of Security Monitoring and Logging

The Security Reports Review scope includes all KX components within all KX environments, including the Cloud business.

The list of Security Report Review items below MUST be reviewed and the guidelines followed:

  • Logging Tool Reports are to be received continuously and reviewed regularly.
  • Logging Tool Alerts are monitored as received.
  • Authentication Tool Reports tracking access control via MFA are monitored.
  • Vulnerability Scanning Reports are automated, and reports need to be reviewed regularly.
  • Firewall Reports are reviewed at least quarterly, and issues need to be reviewed as received.
  • System logs are sent to the SIEM tool (or similar tool) for monitoring.

Review and Outcomes

The Security Monitoring and Logging Policy covers the items listed under the scope section. The flow and outcomes are as follows:

  • All logs are assessed against the SIEM tool's configuration rules.
  • Alerts are reported based on those rules.
  • All alerts are assessed, and action is taken.
  • Any alert that is assessed as an incident will result in a formal Security Incident ticket being raised and the Security Incident process being followed.