4.9 Considering work procedures
This section describes the work procedures to be considered for each system in order to configure and operate a secure system.
To configure and operate a secure system, it is necessary to clarify the work procedures to be performed by each type of worker. In system auditing, audit logs are compared with the relevant work procedure documents to check for consistency. A work procedure document is a written document that describes the authorized procedures and methods for work such as configuring or operating the system or for service use by end-users. A work procedure document needs to be prepared for each system. Checking audit logs, which are records of workers and operations, against the relevant work procedure documents helps to clarify whether authorized workers have performed operations in accordance with the authorized methods and procedures. This helps to maintain the security of the system.
To prepare each work procedure document, it is necessary to consider what work needs to be included in the document, as well as the work procedure and method. From the point of view of auditing, clarify what work needs to be specified so that the work is done by an authorized user in accordance with an authorized procedure and method. Also, specify in each work procedure that a command that creates an audit log entry must be used to perform the work.