Guidance

Security monitoring: business objectives

Published 22 June 2015

This guidance was withdrawn on

This content has been moved to the CESG website: https://www.cesg.gov.uk/security-operations-and-management-0

1. Introduction

This section starts by identifying the business objectives that are fundamental to your security monitoring approach. They provide the business context in which your security monitoring planning will take place.

The next section highlights key aspects within an organisation’s security monitoring approach that decision makers need to address. For each key aspect, we’ve identified:

  • a security monitoring requirement that’s relevant to the key aspect in question
  • examples of what your organisation can do to meet the security requirement

By fulfilling the security monitoring requirements, organisations can, in turn, meet their broader business objectives.

Note that the ‘weighting’ of each business objective will be specific to each organisation, and they should not be applied ‘en masse’ across all businesses. Rather, the objectives should be applied where they are applicable in the context of the organisation under consideration. For example, the business objective ‘Ensure traffic exchanges are business approved and conform to organisational policy’ is crucial for establishing connectivity to a new business partner, but less so when planning the deployment of a new desktop capability.

In summary, one size does not fit all. For each internal ICT project, the security monitoring business objectives must be weighted accordingly, as failing to do so will lead to inappropriate monitoring that is likely to be both uneconomic and ineffective.

2. Business objectives

The following business objectives provide the business context in which your security monitoring planning will take place:

  • ensure traffic exchanges are business approved and conform to organisational policy by monitoring business traffic at the organisational ICT boundary
  • enable action to be taken against malicious content by detecting and alerting the organisation to suspicious activity at the organisational ICT boundary
  • enable action to be taken against attacks from either internal users or external attackers who have penetrated the boundary defences, by detecting suspicious activity inside the organisational ICT boundary
  • ensure internal user accountability, legal and regulatory compliance and conformance to organisational policy by monitoring users’ activity, accesses and use of internal ICT equipment
  • ensure remote working user accountability, legal and regulatory compliance and conformance to organisational policy by monitoring remote access solutions
  • detect accidental or deliberate acts by users or the presence of malware by monitoring changes to device status and configuration
  • enable immediate action to be taken on critical events by alerting the organisation in as close to real-time as is achievable
  • provide management with the information to improve the security monitoring service by providing reporting on the performance of the service
  • ensure that all monitoring is conducted lawfully by understanding the legal framework under which monitoring takes place

3. Key aspects and security requirements

The following PDF highlights the key aspects of your security monitoring approach that you need to consider and, for each one, identifies a relevant security monitoring requirement. It then lists examples of what your organisation can do to meet that security requirement.

Key aspects and security requirements