Security Monitoring and Auditing

by Maggie Shawman.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on data security  

You are here: Categories » Computers and technology » Data security

Central to a comprehensive security policy, and the components that unify procedures and response, is the discussion of monitoring and auditing. Security monitoring verifies the configuration guidelines and technical requirements outlined in the security policies. Security auditing entails a consistent set of practices that enforce the security policies set forth for the organization.

Monitoring is the policy action that becomes part of the ongoing standard security process in the company. The installation of a firewall is one element of the security monitoring system—it focuses on the network access points. Other aspects of monitoring are the use of security cameras, anti-virus software, server disk quotas, intrusion detection devices, and network management software. The monitoring component of a security policy enhances the security in an organization by validating the other elements in the policy, ensuring their existence and correctness.

Monitoring capabilities also affect the safety and effectiveness of incident responses. It provides evidence for legal issues and an informative basis for post-mortem analysis of incidents. This analysis is very useful to assist in prevention and understanding of problems.

Finally, security monitoring provides the capability for the organization to recover from incidents by providing in-depth information about it. Network attacks can be monitored and defended against, spurious hardware failures can be traced and rectified and the actions of unauthorized intruders can be watched and recorded.

The monitoring methods for a server, network, or other computer equipment are often those that gather and analyze statistics. The statistics gathered provide the reference point for normal operation and for that which is abnormal. This information is often gathered by hand, or eye, in the case of security cameras and monitoring. The level to which the monitoring is automated increases its effectiveness. To allay the fears that this task is incredibly difficult, it is important to note that many operating systems and software have the capabilities to perform a large portion of the monitoring and auditing functionality—the features simply need to be enabled. Authentication policies including the identification of password criteria, the use of password aging, and keeping a password history to avoid repetition are enforced by common features in most operating systems. Access control methods and auditing capabilities are inherent parts of server operating systems. Network management protocols allow for special alerts and notices to be sent under special conditions. An example is SNMP, which can be configured to notify administrators when special events occur. SNMP has weak security and should be investigated prior to its implementation, and is mentioned here due to its wide use. An alarm company, monitors the alarm system, and the proper authorities are notified automatically when it is set off.

Company Z's Security Monitoring Policy reads

· Closed-circuit television cameras are installed throughout the organization and at entry/exit points.

· This video information is recorded and monitored by the security group.

· Network equipment management and monitoring occurs via automated management software that notifies administrators via pager in the event of anomalous issues.

· Anti-virus software monitors all programs, documents, and email messages for viruses and automatically cleans discovered viruses.

· Users and administrators are automatically notified via email when a virus is discovered.

· All servers are monitored via monitoring programs and built-in functionality that complies with the established security policy.

Auditing ensures that the security policy is in place and followed. The measures used to audit include the services of contract security firms to analyze the an organization's networks, systems, and policies—often unbeknownst to the employees. Other forms of auditing include random and frequent verification of the policies by administrators or special internal teams designed for such tasks. The reference to auditing in the security policies of an organization also has a psychological affect that helps foster greater security awareness and action. Employees are less likely to adhere to security policies if they feel there is no enforcement. By outlining the presence of auditing methods, without necessarily clarifying the exact procedures, frequency, or schedule, an organization makes its employees more aware of security issues. A greater emphasis on secure thought and use is the natural result. Consider Company Z's Security Policy for Enforcement and Auditing:

· Periodic and random security audits will be performed on servers and network equip ment to ensure proper configuration, diligent updates and application of patches, and compliance with other security policy regulations.

· These audits may be performed by internal staff or external agencies with or without the knowledge of the administrators and users of the systems.

· Desktop systems and users will be audited for compliance with the Site and Infrastructure Policy, with regard to configuration, up-to-date software, and network services.

· Audits of users for compliance with the Acceptable Use Policy will also be conducted to assure the safety and security of the computing environment.

Notification to employees of the audit policy enforces compliance of security policies and also forewarns them of repercussions for compliance failures. Administrators have the largest responsibility and expend the most effort to enforce adherence to security policies. Audits might seem forceful, but an environment with so many security components requires dedication and diligence to maintain security.

Share
Leave a comment or ask a question
Total comments: 0

Data security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Biometric Locks: Why You Should Call Installation Experts - Fingerprint readers and other forms of biometric security are becoming big business, but are you, the DIY enthusiast, ready to take on a biometric door lock installation project? Unless y (more...)
Which Are The Most Common Network Security Risks - A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific (more...)
Biometric Locks: How The Windows 7's Biometric Driver Helps You - Biometric technology is making it even easier to use computers. There's no need to remember passwords anymore because you can unlock your computer by using your fingerprint. Fingerprint readers a (more...)
How to speed up your computer - Most of People surf sites daily and don't care which should be visited, when they felt thier computer slow, they start worrying about it. Five tips You must adapt 1: Use Antivirus and update (more...)
Tips on Buying Biometric Locks - The security of your home is essential. You owe it to yourself and your loved ones to make sure you are safe at all times. So, with the development of biometric security locks things h (more...)
3 Signs You Need a Virus Removal Service - Virus and malware infestations are some of the most common computer repair problems that computer owners everywhere deals with. These malicious hijacking attempts of your (more...)
Six Myths about Nulled Scripts, or There's No Such Thing as Free Lunch - Once every so often our customers are asking us how come on some websites our software is sold at a fraction of price or is even free. They further ask how come they have to pay for the software if (more...)
How to protect against Spoofing and Session Hijacking - Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. Howev (more...)
Online Security on Public Computers - Using public computers can put you at risk for password hackers who use tools such as keystroke logging devices. Find out how to protect yourself from criminals preying on public computers. (more...)
How to Create a Strong Password - Using a password keeper can help you keep your online information more secure by allowing you to create more complex passwords for your Internet accounts without having to remember them. Here a (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.