Security Monitoring
Financial institutions should gain assurance of the adequacy of their risk mitigation strategy and implementation by
Security monitoring focuses on the activity and condition of network traffic and network hosts. Activity monitoring is performed primarily to identify non-compliance with the institution's policies, to detect intrusions, and to support an effective intrusion response. Because activity monitoring is an operational procedure performed continuously over time, it can provide continual assurance.
Condition monitoring is typically performed through periodic testing. The assurance it provides can relate to the absence of an intrusion, compliance with authorized configurations, and overall resistance to intrusion. Condition monitoring does not provide continual assurance; it relates only to the point in time of the test.
Risk drives the degree of monitoring. In general, risk increases with system accessibility and the sensitivity of data and processes. For example, a high-risk system is one that is remotely accessible and allows direct access to funds, fund transfer mechanisms, or sensitive customer data. Information-only Web sites that are not connected to any internal institution system or transaction-capable service are lower-risk systems. Information systems that exhibit high risks should be subject to more rigorous monitoring than low-risk systems.
A financial institution's security monitoring should, commensurate with the risk, be able to identify control failures before a security incident occurs, detect an intrusion or other security incident in sufficient time to enable an effective and timely response, and support post-event forensics activities.