Premium Essay

Security Monitoring Activities

In:

Submitted By scrappinbug03
Words 894
Pages 4
Security Monitoring Activities
By: Ellie Schutt
CMGT/442 INFORMATION SYSTEMS RISK MANAGEMENT
David Conway
University Of Phoenix
December 12, 2011

Introduction This paper focuses on the security monitoring techniques that should be conducted within an organization in order to propose and recommend a solid action plan when a potential risk is identified.
Many organizations and businesses must consider risk management a crucial part of their business in order to achieve the organizations set goals and to help ensure that the organization is conducting quality business to consumers.
Security monitoring and measuring must be conducted with the organization’s IT department and e-commerce applications.
Security Monitoring Process Conducting a security monitoring process is about preventing new attacks and responding to possible threats. Taking preventative steps can help organizations prevent small risks from turning into large and costly problems. The monitoring system should be used as part of the IT department’s regular duties and must be implemented both internally and externally.
The first step of the process should be for the organization to determine what a potential risk is. Determining a list of risks must be among the considerations made by the organization, in order for the organization to operate in a true secure system. “Security monitoring helps to ensure both integrity and confidentiality for sensitive information. Security monitoring also serves as a way for IT administrators to be held personally accountable for quality and securing an organization’s financial assets” (Rudolfsky, 2010).

Internal IT and Secure Monitoring Processes Internal IT consists of tasks within an organization such as payroll, human resources, inventory monitoring, budget, and accounting and management personnel. These internal structures constantly grow and

Similar Documents

Premium Essay

Security Monitor

...Security Monitoring Security Monitoring Hector Landeros University of Phoenix Security Monitoring In today’s business environment an organization may consist of various applications all in which require a certain level of risk assessment and security measures must be taken. Applications being used within the organization must be reviewed to determine security risks that application might have and how to protect the company from those vulnerabilities. Another factor that must be considered is a risk may vary between internal and external applications. There are many activities which can be incorporated into an organizations security plan which will help minimize possibility of a security breach. Policies Security monitoring is a method typically used to test or confirm security practices being used are effective. Most of the time monitoring of activities such as the review of user account logs, application logs, data backup and recovery logs or in many applications being used automated intrusion detection system logs. When using security monitoring one is trying to ensure that information security controls are in place are effective and not being bypassed at any point. One of the benefits of security monitoring is the early identification of wrongdoing or security vulnerability. Rudolfsky (1983-2010), “It will be difficult for a company to achieve information security objectives without security event...

Words: 525 - Pages: 3

Premium Essay

Security Monitoring

...Security Monitoring In today’s business world an organization may consist of many different applications which require a certain level of risk assessment and security measures. Each application within the organization needs to be thoroughly reviewed in order to determine the associated risks and ways in which to protect against them. Another factor to be considered is that risk may vary between internal and external applications. There are many activities which can be incorporated into an organizations security plan which will help to mitigate possible risks and the loss that result from security breaches. It will be difficult for a company to achieve information security objectives without security event monitoring. Security event monitoring is derived from the general practice of monitoring activities that occur on a computer system. Security event monitoring involves recording information that represents activity and analyzing recorded information to identify and respond to questionable activities i.e.; possible security events Making Security Monitoring a Part of Your Best Security Practices. This first step would be to identify what exactly is considered questionable activity. While there is defiantly some level of activity which is considered acceptable the rules and boundaries must be clearly defined. An organization must take into consideration the applications to be used and the minimum level of security that can be used which will still...

Words: 927 - Pages: 4

Premium Essay

Weekly Summary

...Security Monitoring Activities CMGT/442 May 21, 2012 Security Monitoring Activities Any company that considers data an asset must realize the importance of risk management. Managing risk helps a company identify vulnerabilities and allows actions to be taken to reduce or stop these vulnerabilities. Risk management is also helpful in the attainment of goals and higher profits by attempting to eliminate any risk that may cost the company extra money to rectify. This paper will discuss security monitoring activities that must be addressed for both internal information technology (IT) and electronic commerce (e-commerce) applications of an organization. The recommended course of action will also be discussed when potential risks have been identified. According to Bejtlich (2004), security monitoring is defined as the collection, analysis, and escalation of indicators and warnings to detect and respond to intrusions. Security monitoring is an important part of risk management for internal applications such as payroll, human resources, and inventory. Security monitoring should also be used in the risk management of external applications like sales and marketing. Security Monitoring Process Security monitoring should be considered and used as a routine task to monitor and analyze the use of the network. Failure to use security monitoring would indicate that an organization believes there are no credible risks to the network. This thought process could...

Words: 1068 - Pages: 5

Premium Essay

Week Three Individual Assignment

...Security Monitoring: The inputs and outputs of business James P. England CMGT/442 April 9, 2012 David Conway Security Monitoring: The inputs and outputs of business Rapidly changing technological advances make computers a part of the every workplace. Companies store important data on computer systems, databases, networks, and workplace communication uses computers and networks. Computers can reduce paperwork, distribute data quickly and stay competitive, but it allows the potential for security issues ultimately affecting business operations (Friend, 2012). The majority of data on computers and almost all communication are on a company’s computer network, and the security of the data is crucial for the success of the business. Monitoring in the workplace of computers uses a variety of software products that monitor computer networks. This software can monitor or track employee activity and productivity for a company. Using a software package for security of data in a system blocks certain websites, alert information technology staff of potential threats, such as computer viruses, monitors computers, and Internet use by employees. Companies should consider using computer monitoring software in the workplace, and do extensive research on different products and services. Some software can be costly, but it may be worth the investment to protect the integrity of a business, and the safety of the employees. Allowing employees to see the software and its capabilities...

Words: 1060 - Pages: 5

Premium Essay

Security Monitoring

...Security Monitoring Russell McKay July 23, 2012 CMGT/442 William Glassen Security Monitoring Organizations in pursuit of success are challenged by taking risks. This challenge necessitates a call for risk assessment and defense through security processes. Evaluation of risks and assessment lends to defensive strategies producing a high level of security in relation to acceptable cost. Modern business endeavors of electronic commerce or e-commerce find a two front strategy between internal and external risk strategies. Security monitoring offers a measure of defense to both internal information technology and external risk from e-commerce applications. Event Monitoring Security as event monitoring inspects inbound and outbound network activity for suspicious patterns indicating an intrusion attempt. Common behaviors of users and processes create a baseline by documentation for determining normal activity. This baseline is able to provide a determination by monitoring between acceptable and unacceptable activities. Administrating to the detection system require sensitivity to techniques and methods of users for minimum levels of security that allow normal user functioning. Internal Information Technology Basic internal IT applications such as inventory, payroll, general ledger, and human resources are vulnerable to various risks. Risks include viruses, worms, identity theft, money and proprietary misappropriations. Internal controls as described by the Committee...

Words: 747 - Pages: 3

Free Essay

Security Monitoring

...Security Monitoring Mobin Bahrami University of Phoenix Information Systems Risk Management CMGT/442 June 22, 2012 Brian Hoff Intro Security monitoring is an important factor in keeping any organization network safe as various attacks are on a rise. A company constantly must practice monitory techniques to keep their data safe. " The first step is to scan the internal and external environment and identify information technology risks before they become a problem. The key is to be proactive rather than reactive" (Marilyn Greenstein). Different organization consist of many applications that require a certain level of security measures and risk assessment. To determine the associated risks within an organization each application needs to be thoroughly reviewed. Also risks may vary between internal and external applications. Many organizations remain profitable and grow by creating a good mixture of information technology and e-commerce. E-commerce focuses mainly on the product marketing and Internet sales, while information technology (IT) team handle all aspects of the organizations network. Malicious attacks, natural disasters, and internal breach are all good cause to maintain a security monitoring system. Network Security Systems Security event monitoring involves monitoring activities that occur on a computer system such as, recording information and analyzing recorded data to identify any potential risks. Organizations must have a secure network to stay in...

Words: 1035 - Pages: 5

Premium Essay

Information and Technology

...E-commerce have been on a constant up-rise, over the past couple of decades. Many organizations have found ways to grow and remain profitable, by creating a good mixture of e-commerce and IT. E-commerce can cover a range of areas, but focus mainly on internet sales and product marketing; while IT teams can handle any and all aspects of the organizations network. Security is becoming more important to organizations, as various attacks are on a rise. Natural disasters, malicious attacks, internal breach, and loss of team members, are all good cause to maintain strong security monitoring systems. The paper that follows will address security monitoring systems that should be conducted in the Cellular Phone Organization (CPO) with both Internal IT and e-commerce applications. Network Security Systems Organizations must have a secure network, in order to stay in business. There are many types of variations of ways to secure the network of an organization, and each must cater the type of business. The internal network is comprised of all servers, applications, data, and equipment used within the organization. The security of the internal network must consist of a mixture of both hardware and software. The Cellular Phone Organization employs 150 associates in an appropriate sized building. There are three teams: Customer Care; Tech Support: and Sales. There is also a Human Resources Team and Management team, for perspective departments. The company works primarily through a LAN/WAN...

Words: 1127 - Pages: 5

Premium Essay

Cmgt

...Individual Assignment: Security Monitoring Activities CMGT/442 Introduction Information Technology (IT) and E-commerce have been on a constant up-rise, over the past couple of decades. Many organizations have found ways to grow and remain profitable, by creating a good mixture of e-commerce and IT. E-commerce can cover a range of areas, but focus mainly on internet sales and product marketing; while IT teams can handle any and all aspects of the organizations network. Security is becoming more important to organizations, as various attacks are on a rise. Natural disasters, malicious attacks, internal breach, and loss of team members, are all good cause to maintain strong security monitoring systems. The paper that follows will address security monitoring systems that should be conducted in the Cellular Phone Organization (CPO) with both Internal IT and e-commerce applications. Network Security Systems Organizations must have a secure network, in order to stay in business. There are many types of variations of ways to secure the network of an organization, and each must cater the type of business. The internal network is comprised of all servers, applications, data, and equipment used within the organization. The security of the internal network must consist of a mixture of both hardware and software. The Cellular Phone Organization employs 150 associates in an appropriate sized building. There are three teams: Customer Care; Tech Support: and Sales. There is also a Human...

Words: 1199 - Pages: 5

Premium Essay

About Sec

...------------------------------------------------- About SEC The Securities and Exchange Commission (SEC) was established on 8th June, 1993 under the Securities and Exchange Commission Act, 1993. The Chairman and Members of the Commission are appointed by the government and have overall responsibility to formulate securities legislation and administer as well. The Commission is a statutory body and attached to the Ministry of Finance. Mission of the SEC is to: * Protect the interests of securities investors. * Develop and maintain fair, transparent and efficient securities markets. * Ensure proper issuance of securities and compliance with securities laws. The Commission's main functions are: * Regulating the business of the Stock Exchanges or any other securities market. * Registering and regulating the business of stock-brokers, sub-brokers, share transfer agents, merchant bankers and managers of issues, trustee of trust deeds, registrar of an issue, underwriters, portfolio managers, investment advisers and other intermediaries in the securities market * Registering, monitoring and regulating of collective investment scheme including all forms of mutual funds. * Monitoring and regulating all authorized self-regulatory organizations in the securities market. * Prohibiting fraudulent and unfair trade practices relating to securities trading in any securities market. * Promoting investors’ education and providing training for intermediaries of the securities market. * Prohibiting...

Words: 1409 - Pages: 6

Free Essay

Security Monitoring

...or "introduction" if this is a subtitle. At the beginning of the essay, the following could be nothing else] One of the biggest concerns in today’s society relates to security in internal IT and e-commerce applications. Security is handled by passing and transactions between client browser and Internet server entering a secure site. The client browser is passed a public key by which transactions between client, and the web is encrypted. The process of monitoring security plays a vital function in any organization’s computer use both internally and externally. Security Organization Within a secure organization the business structure can cover a system of financial control, such as payroll, human resources, inventory, and general ledger vary the variety of agencies of the organization may be enhanced. Vulnerabilities in organizations will diminish, staff may be eliminated and so will duplications of work within departments, monetary information can stay secure, and most customer service may be better. Internal IT Internal IT is a beneficial service such as, compliance with federal and state laws, add valve to an organization’s internal control. Safeguarding the organization assets, and risk management just to name a few, mainly deals with computer applications monitors and manages employee’s activities, for instance it more of a help desk, side services, or a desk-side service infrastructure and application support. . [Writing suggestion: If this sentence is as long as...

Words: 663 - Pages: 3

Premium Essay

Audit Program

...SECOND LIFE CONSULTING XYZ Company First Floor Physical Security Audit As of December 2, 2013 W/P# A4 Prepared by: F.C. Date: 12/02/13 Reviewed by: F.C. Date: 12/04/13 SUMMARY OF AUDIT FINDINGS W/P # C1 FINDINGS The glass construction of the doors and walls of the building does not safeguard privacy of the building's interior. There are only two cameras to cover four entrances and exits on the first floor. The two available cameras do not function properly. RECOMMENDATION Tint the glass of the building's exterior to ensure privacy of building's interior. Install a camera at each entrance and exit. C2 C2 Make sure the cameras are online and have the capability to rotate to cover wider range of area. Properly train receptionists and security personnel to recognize employees, VIPs, janitors and visitors and inquire about an individual's identification when necessary. Keep a traceable physical or digital logbook for walk in guests. Fill out time of arrival, name, reason for visit and expected visit duration. Increase security personnel by 50 percent and ensure proper training is provided. Implement a policy and procedure on badge issuance and properly communicated such policy to all security personnel Implement a policy and procedure on badge issuance and assign appropriate employee to be held accountable for lost logbook. Logbook should be safeguarded and reconciled regularly to ensure all issued badges are accounted for. Implement a policy and procedure on badge...

Words: 997 - Pages: 4

Premium Essay

It-255

...IT255 Introduction to Information Systems Security Unit 5 Importance of Testing, Auditing, and Monitoring © ITT Educational Services, Inc. All rights reserved. Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy. IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 2 Key Concepts  Role of an audit in effective security baselining and gap analysis  Importance of monitoring systems throughout the IT infrastructure  Penetration testing and ethical hacking to help mitigate gaps  Security logs for normal and abnormal traffic patterns and digital signatures  Security countermeasures through auditing, testing, and monitoring test results IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 3 EXPLORE: CONCEPTS IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 4 Purpose of an IT Security Assessment Check effectiveness of security measures. Verify access controls. Validate established mechanisms. IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 5 IT Security Audit Terminology  Verification  Validation  Testing  Evaluation IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved...

Words: 799 - Pages: 4

Premium Essay

Unit 9 Assignment 1 – Policy Monitoring and Enforcement Strategy

...Unit 9 Assignment 1 – Policy Monitoring and Enforcement Strategy Introduction This policy establishes minimum practices to ensure the Department of Defense systems and organizations with direct ties to the U.S. Government are in compliance with current directives and requirements. Networks are audited to maintain awareness of the operating environment, to detect indications of security problems, and to ensure systems and networks are used for authorized purposes. Security is a mission critical function of the Department of Defense and its proper execution has a direct impact on all missions and capabilities of the national defense. Purpose This policy is issued to: • Provide a mechanism for improved oversight of organizational information security programs. • Ensure compliance with the Federal Information Management Security Act (FISMA) • Comply with Department of Defense IT Security Policy Scope This applies to all employees and contractor employees using or operating Department of Defense computer systems, as well as the systems and networks, and to contractor employees providing services to the U.S. Government networks. Policy Department of Defense policy requires that monitoring shall be used for the following: • Individual accountability monitoring shall be used to support employee compliance by providing a log of user actions. • Intrusion detection monitoring, shall be designed and implemented to record appropriate information to assist with investigation and/or...

Words: 419 - Pages: 2

Premium Essay

Risk Management Plan

...Introduction: Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This necessitates: • Maintaining situation awareness of all systems across the organization; • Maintaining an understanding of threats and threat activities; • Assessing all security controls; • Collecting, correlating, and analyzing security-related information; • Providing actionable communication of security status across all tiers of the organization; and • Active management of risk by organizational officials. Purpose: The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility...

Words: 4395 - Pages: 18

Free Essay

Should Internet Activity Be Monitored

...Internet Activity be Monitored? There has been an ongoing debate over many years on whether or not internet activity should be legally monitored by Internet Service Providers or the government. Obviously there many pros and cons to both sides of this issue. There is not only a valid need for internet monitoring of private networks in addition to government systems, but there is also a valid concern for the privacy of our country’s citizens. Both sides of this issue will be addressed as well as my own analysis of this topic. There is quite a bit of history regarding monitoring public internet communications. Some forms of electronic surveillance have been around since the Civil War. The 4th Amendment is a citizen’s primary protection against unreasonable government searches and seizures. As technologies advance the meaning of unreasonable becomes more and more unclear; meaning when private information is transmitted through wire over a long distance is it still considered private information? During the 1920’s, as phone calls were being place through switchboards, it was noticed that more and more conversations regarding illegal activities were being talked through those phone calls. It was then that police asked for clarification from the Supreme Court on whether or not wiretaps went against the 4th Amendment. It was decided that the 4th Amendment did not restrict wiretaps since there was no search not seizure. Government agencies, such as FBI and National Security Administration...

Words: 2294 - Pages: 10