Thursday, 15 April 2010

Monitoring and logging

Monitoring is a type of active auditing based on the constant review of the audited information or the audited asset. Its primary goals are problem identification and problem resolution. The main types of monitoring include:

  • Event monitoring
  • Clipping Level (baselining)
  • Hardware monitoring (fault detection, port)
  • Illegal software/content monitoring (P2P software, games, copyrighted movies and music, and inappropriate content).

The notion of monitoring incorporates monitoring for illegal software installation, monitoring hardware for faults and error states, and monitoring operational events for anomalies. Monitoring is an essential part of the problem identification and resolution process.

Monitoring incorporates the methods, tools, and techniques used to recognize security events that might impact the organization’s operations or facilities. It extends to the measures needed to recognize the significant elements of an event and to report that information in a suitable way.

Some of the techniques associated with monitoring include:

  • Intrusion Detection,
  • Audit and Penetration Testing, and
  • Violation processing by means of clipping levels.

Clipping Level

When monitoring the operation of a system or the actions of users, thresholds are typically defined above or below which alerts, alarms, and exceptions are not reported. This range of activity is regarded as baseline or routine activity.
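As an added illustration (not part of the original post), the following sketch applies a clipping level to failed logins: failures at or below the level inside a time window count as baseline and are not reported, and a violation is raised only when the level is exceeded. The log format, the level of 3 failures, and the 5-minute window are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, outcome); not from a real system.
SAMPLE_LOG = """\
2010-04-15T09:00:05 alice LOGIN_FAIL
2010-04-15T09:00:40 alice LOGIN_OK
2010-04-15T09:01:10 bob LOGIN_FAIL
2010-04-15T09:01:20 bob LOGIN_FAIL
2010-04-15T09:01:31 bob LOGIN_FAIL
2010-04-15T09:02:02 bob LOGIN_FAIL
2010-04-15T09:30:00 carol LOGIN_FAIL
2010-04-15T09:50:00 carol LOGIN_FAIL
2010-04-15T10:10:00 carol LOGIN_FAIL
"""

def parse(log_text):
    """Yield (datetime, user, event) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def violations(log_text, clipping_level=3, window=timedelta(minutes=5)):
    """Return [(user, time, count)] each time a user's failures inside a
    sliding window exceed the clipping level; activity at or below the
    level is treated as baseline and not reported."""
    recent = defaultdict(list)   # user -> failure timestamps inside window
    alerted = set()              # users currently above the clipping level
    out = []
    for ts, user, event in sorted(parse(log_text)):
        if event != "LOGIN_FAIL":
            continue
        recent[user] = [t for t in recent[user] if ts - t < window] + [ts]
        if len(recent[user]) > clipping_level:
            if user not in alerted:       # report once per excursion
                out.append((user, ts, len(recent[user])))
                alerted.add(user)
        else:
            alerted.discard(user)
    return out

if __name__ == "__main__":
    for user, ts, count in violations(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {count} failures in window")
```

In the sample, alice's single mistyped password and carol's widely spaced failures stay inside the baseline, while bob's four failures within a minute cross the clipping level and are reported once.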
