Security Monitoring and Incident Management has become an essential element of IT security and risk management practice. Regulatory requirements continue to be a primary driver for security monitoring and incident management: they demand that security information be captured, mandate its retention, emphasize analysis of that information for breach investigation, and call for an overarching process for managing incidents. The logs generated by information systems, servers, operating systems, security devices, networks and application systems provide critical information for detecting the state of security. The information generated continuously by these different types of devices yields distinct sets of data that reflect patterns of system behavior.
Organizations need to build a capability that continuously monitors this information flow, correlates security patterns to detect incidents that may compromise their security posture, and responds to such incidents to minimize their impact. DSCI believes that Security Monitoring and Incident Management (MIM) is an important discipline of security that provides assurance about an organization’s capability to respond to disruptive and destructive information security events.
The success of a security program, and the value delivered by security initiatives, lies in an organization’s responsiveness to external attacks and its ability to sense and manage an internal data breach. Increased disclosure of security breaches in recent years, which has eroded end users’ confidence in using IT for their transactions, has led to policy responses in various compliance regulations that demand greater oversight and monitoring of the state of security. These regulations also call for a coordinated approach to dealing with events that may compromise an organization’s security.
This is drawing greater focus from the security profession towards defining concepts, finding technical solutions and identifying practices around MIM, which is helping to establish it as an important discipline of information security. DSF pays careful attention to this discipline, as it represents an organization’s perseverance in continuous defence and the demonstration of its capabilities against compliance regulations. DSCI Best Practices represent contemporary understanding in this field; they include evolving practices around MIM and emerging technical solutions that help implement those practices.