Guidance

Security Monitoring: Business Objectives and Security Requirements

Created:  13 Nov 2015
Updated:  08 Aug 2016
CESG Archive

Archive content originally produced by CESG that has not yet been absorbed into the new NCSC web pages.

Identifying the business objectives that are fundamental to your security monitoring approach. 

Introduction

This section starts by identifying the business objectives that are fundamental to your security monitoring approach. They provide the business context in which your security monitoring planning will take place.

The next section highlights key aspects within an organisation’s security monitoring approach that decision makers need to address. For each key aspect, we’ve identified:

  • a security monitoring requirement that’s relevant to the key aspect in question
  • examples of what your organisation can do to meet the security requirement

By fulfilling the security monitoring requirements, organisations can, in turn, meet their broader business objectives.

Note that the ‘weighting’ of each business objective will be specific to each organisation, and they should not be applied ‘en masse’ across all businesses. Rather, the objectives should be applied where they are applicable in the context of the organisation under consideration. For example, the business objective ‘Ensure traffic exchanges are business approved and conform to organisational policy’ is crucial for establishing connectivity to a new business partner, but less so when planning the deployment of a new desktop capability.

In summary, one size does not fit all. For each internal ICT project, the security monitoring business objectives must be weighted accordingly, as failing to do so will lead to inappropriate monitoring that is likely to be both uneconomic and ineffective.

 

Business objectives

The following business objectives provide the business context in which your security monitoring planning will take place:

  • ensure traffic exchanges are business approved and conform to organisational policy by monitoring business traffic at the organisational ICT boundary
  • enable action to be taken against malicious content by detecting and alerting the organisation to suspicious activity at the organisational ICT boundary
  • enable action to be taken against attacks from either internal users (or from external attackers who have penetrated the boundary defences) by detecting suspicious activity inside the organisational ICT boundary
  • ensure internal user accountability, legal and regulatory compliance and conformance to organisational policy by monitoring users activity, accesses and use of internal ICT equipment
  • ensure remote working user accountability, legal & regulatory compliance and conformance to organisational policy by monitoring remote access solutions
  • detect accidental or deliberate acts by users or the presence of malware by monitoring changes to device status and configuration
  • enable immediate action to be taken on critical events by alerting the organisation in as close to real-time as is achievable
  • provide management with the information to improve the security monitoring service by providing reporting on the performance of the service
  • ensure that all monitoring is conducted lawfully by understanding the legal framework under which monitoring takes place

 

Key aspects and security requirements

The Key Aspects to Security Monitoring PDF highlights the key aspects of your security monitoring approach that you need to consider, and for each one, identifies a relevant security monitoring requirement. It then lists examples of what your organisation can do to meet the security. A low-resolution image of the file is shown below: please download the PDF to view a high-resolution version.

Security Monitoring Requirements

 

security_monitoring_key_aspects.pdf

PDF, 85.03KB

This file may not be suitable for users of assistive technology.

Was this guidance helpful?

We need your feedback to improve this content.

Yes No