07.07.2015
Cyber Security Monitoring and Logging Guide

Many respondents seemed to believe that their organisation was more mature in cyber security monitoring and logging than their responses to the rest of the Project Survey would indicate, showing that there is still a strong need for awareness in this area.

Standards and guidelines

There are many standards that specify (or allude to) requirements for cyber security logging (but very few about cyber security monitoring), which include:
• 10 Steps to Cyber Security and the Cyber Security Essentials from CESG
• ISO 27002 - Section 12.1 Logging and Monitoring
• PCI DSS V3.1, particularly:
o Part 10. Track and monitor all access to network resources and cardholder data
o Part 11. Regularly test security systems and processes
• The SANS 20 Critical Controls for Effective Cyber Security Defence, particularly:
o Control 14 – Event logging
• NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, produced as part of a directive from the Federal Information Security Management Act (FISMA)

“Being fully compliant with standards is still likely to leave you exposed to cyber security incidents”

There are also a number of good sets of guidance in this area, which include:
• Effective Log Management from the Centre for the Protection of National Infrastructure (CPNI) in conjunction with Context (April 2014)
• CESG’s Good Practice Guide 13 (GPG13): Protective Monitoring for HMG ICT Systems
• Magic quadrant analyses of related tools, such as the Gartner Magic Quadrant for Security Information and Event Management 2014
• SANS Analytics and Intelligence Survey (October 2014)
• IDC Market Analysis – Worldwide Specialized Threat Analysis and Protection 2013–2017 Forecast
• Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment from the SANS Institute InfoSec Reading Room (July 2012)
• Guide to Computer Security Log Management (SP 800-92) from NIST (September 2006)
• Many different vendor publications (often product-led).

However, although these compliance and guidance documents are often very useful, they do not typically provide:
1. Coverage of all aspects of cyber security monitoring and logging in one framework - more focus is needed on the actual monitoring process, plus specialised areas like security intelligence, SOCs and analysis of advanced persistent threats (APT)
2. Best practice for logging and monitoring cyber security (e.g. focused on identifying, interpreting and responding to indicators of compromise - IOC), particularly for consumer organisations outside the government or finance sectors
3. Guidance on how best to use scarce security budgets and resources – what’s the best ‘bang per buck’?
4. Advice on who organisations can ask for help – backed up by selection criteria.
