Information Security Booklet: Security Monitoring
Financial institutions should gain assurance of the
adequacy of their risk mitigation strategy and implementation
Security monitoring focuses on the activities and condition of
network traffic and network hosts. Activity monitoring is
primarily performed to assess compliance with the institution's
policies, identify intrusions, and support an effective
intrusion response.
Because activity monitoring is typically an operational procedure
performed over time, it is capable of providing continual assurance.
Monitoring of condition is typically performed in periodic
testing. The assurance provided by condition monitoring can
relate to the absence of an intrusion, the compliance with
authorized configurations, and the overall resistance to
intrusions. Condition monitoring does not provide continual
assurance, but relates to the point in time of the test.
Risk drives the degree of monitoring. In general, risk
increases with system accessibility and the sensitivity of data and
processes. For example, a high-risk system is one that is
remotely accessible and allows direct access to funds, fund
transfer mechanisms, or sensitive customer data.
Information-only Web sites that are not connected to any internal
institution system or transaction-capable service are lower-risk
systems. Information systems that exhibit high risks should
be subject to more rigorous monitoring than low-risk systems.
A financial institution's security monitoring should,
commensurate with the risk, be able to identify control failures
before a security incident occurs, detect an intrusion or other
security incident in sufficient time to enable an effective and
timely response, and support post-event forensics activities.