Monetary Authority of Singapore Technology Risk Management Guidelines Deployment Guide

This guide describes how to implement the LogRhythm MAS-TRMG Compliance Automation Suite. This suite provides pre-bundled Investigations, Alarms, and Reports that are designed for the COBIT-5 framework as applied and associated with the Sarbanes-Oxley Act of 2002. In addition, this guide shows how to meet MAS- TRMG compliance regulations using the LogRhythm Investigations, Tails, Alarms, and Reports. The suite is designed to be dynamic as your organization’s compliance and security posture mature and adapt.

After you configure the automation suite, the LogRhythm Platform Manager includes the proper components needed to augment MAS-TRMG compliance efforts. Alarms, Investigations and Reports are automatically associated with the correct MAS-TRMG environment classifications and user lists. You can then schedule Reports for periodic generation and delivery, or generate them on demand. Established reporting packages allow you to organize pertinent log data associated with a desired audience. To identify areas of non-compliance in real-time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems. For detailed MAS-TRMG control mapping, see MAS-TRMG—Requirements.

Intended Audience

This guide is intended for LogRhythm SIEM administrators and analysts who are responsible for maintaining compliance with MAS-TRMG. Further, weekly, daily, and monthly Reporting Packages can be established to provide forensic evidence and audit data to appropriate audiences for distribution. These groups include Security Operations, Security Management, IT Operations, Audit, and Executive.

This guide is divided into the following sections: