S 4.427 Security-relevant logging and evaluating for Lotus Notes/Domino
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: IT Security Officer, Administrator, Data Protection Officer, Personnel/Supervisory Board
In order to image the protection requirements of the applications and services operated on the Lotus Notes/Domino platform, it is necessary to log and to evaluate security-relevant incidents at periodic intervals or in a results-related manner. For the Lotus Notes/Domino environment, this may be performed using the administration and/or security administration functions.
So-called SIEM tools (Security Information Event Management) or Log Analyzers are options for improving the process towards a cross-platform, automated evaluation of security logging. However, these also require proper configuration of the logging function in the connected platforms.
Since the protocols containing security-relevant data and/or their evaluations may include both personal data and data significant for employee behaviour and employee productivity, the corresponding legislation must be taken into consideration at this point. It is necessary to involve the Data Protection Officer and the Personnel/Supervisory Board both when drawing up the logging and evaluation concept for Lotus Notes/Domino described in S 2.207 Security concept for Lotus Notes/Domino, as well as during operational safeguards for implementing this concept.
If the private use of services of the Lotus Notes/Domino environment (e.g. email, internet access of the employees) is permitted expressly or tolerated, the restrictions applicable in this case and the necessary agreements between organisation and employees regarding logging and evaluation must be particularly taken into consideration.
Review questions:
- Does a logging and evaluation concept exist and is it implemented for the Lotus Notes/Domino environment?
- Is the Lotus Notes/Domino environment connected to an external security monitoring tool logging and evaluating security-relevant parameters and events?