MANAGED SERVICES: Protective Monitoring
Protective Monitoring is increasingly relied upon as malicious code is developed that can bypass or defeat the traditional security barriers of firewalls and anti-virus software. These countermeasures, though still essential to prevent certain types of attack, should not be wholly relied upon. Protective Monitoring adds to the effectiveness of existing countermeasures by recording evidence of any attacks that circumvent them. It also provides an evidence trail that will help inform investigation into any suspected incident.
Protective Monitoring helps protect systems against the following threats:
- Unauthorised breach of the boundary of the system (domain)
- Unauthorised attempt to access information within a domain
- Unauthorised export of information from a domain
- Unauthorised import of information into a domain
- Breach of Integrity of information or services
- Breach of Availability of information
- Repudiation of action or responsibility
Protective Monitoring is defined in a number of HMG Policy Documents (CESG Memo 22, HMG InfoSec Standard 1 (and thus the Manual of Protective Security), various National Infrastructure Security Co-ordination Centre (NISCC) documents) and is required by the codes of connection (CoCo) for ALL government secure Wide Area Networks (e.g. CJX, GSi, GSx, Libra CUG).
The Regency IT Consulting Protective Monitoring Service
The Regency IT Consulting Protective Monitoring Service processes and stores accounting logs as appropriate for either Partial or Comprehensive Protective Monitoring and can be configured to address all the relevant identified Security Requirements within CESG InfoSec Memo 22.
Logs are collected from the devices being monitored and sent to one or more on-site forwarding devices, where they can also be archived before being transmitted over a CESG-approved encrypted link to our secure data centre for analysis, reporting and storage.
Storage
All accounting logs and audit records are stored for a minimum of 6 months in compliance with GSi and CJX requirements, and may be retained for longer if there is a requirement to do so, such as an ongoing investigation. In addition, all logs are backed up to a secure off-site facility.
Reporting
Working with our support service staff and the client IT team, we provide timely reports to your Security Officer on suspicious activity on the monitored system, allowing preventative measures to be implemented and, where necessary, investigations to be undertaken. We additionally supply a monthly management report of any suspicious activity. This reporting is typically done by exception (i.e. only confirmed incidents are reported). MIS-type reports detailing devices monitored and logs reviewed can also be provided and are configured to meet client requirements.
Commercial Version
Regency IT Consulting are also happy to undertake Protective Monitoring on behalf of private sector organisations and to discuss specific Sarbanes-Oxley, Basel II or other requirements.
Contact
For further information relating to the Regency IT Consulting Protective Monitoring Managed Service, please contact Andrew Beckett.

