Can End User Monitoring Bring More to the Organisation Than Just Increased Security and Compliance?
As firewalls, email and content filters work invisibly in the background, is the most obvious place to detect IT wrongdoing, or even take a snapshot of business activity, right in front of our eyes? User activity monitoring could, potentially, yield enormous benefits for an organization far beyond just detecting user transgressions. The real advantage this approach could bring to the security community is that these additional benefits can increase organizational buy-in to security and compliance issues and their resolution.
If it were possible to screen everything a user sees and everything a user does, such activity could then be checked against a set of policies so that breaches could be detected and reported. If the screening can take place without the need to record every action, it need not infringe on a user's privacy or interfere with productivity. Such a facility could enforce the policies needed to tackle one of the most widespread IT issues, that of computer misuse within the organization itself, e.g. IP theft, insider trading and inappropriate personal use of resources.
If these policies could also detect the completion of online documents, copies of such documents (image, content, etc.) could be archived as an independent audit trail for compliance purposes.
Such document capture can provide an instantaneous raw data feed for compiling up-to-the-minute “state of the business” information, BAM (Business Activity Monitoring) and BIM (Business Impact Monitoring), so that companies can demonstrate “due diligence” with regard to their business “state of readiness and compliance” capabilities. BAM also brings other benefits:
BAM – “A term coined by Gartner, BAM is a way to gain meaningful, instant visibility into critical business operations. It works by capturing events from operational systems… To be effective, BAM should permit deep visibility into operations, but BAM should also perform the event-context correlation extremely quickly.” Diaz Nesamoney, CEO, Celequest.
First, however, the raw data must be captured, and this is where the difficulties begin. The main Electronic Points of Capture (EPOC) for an organization are:
- Desktops
- Websites
- Web Services
- EPOS (Electronic Point of Sale)
Technologies already exist to independently monitor Websites (via in-page agents) and Web Services (via Web Service proxies). EPOS already feeds raw data into the organization, which leaves the Desktop. Windowing systems such as MS Windows are notoriously difficult to monitor due to the sheer amount of activity in a windowing system and the diverse nature of the technologies used “behind the scenes”. There are, however, emerging techniques to enable the generic capture of window content for both MS Windows and non-MS Windows based systems.
It should not be overlooked, however, that the monitoring of user activity data would also enable the accurate measurement of policy breach activity and therefore of policy effectiveness. Such capabilities enable management to spot trends and take action to alter them, and thus help demonstrate corporate compliance and “due diligence”.
Sean Bennett is Commercial Director at Orthus Limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provides end-to-end services for clients to comprehensively address risk in their environments, including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm), including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats, including securing cloud services and data processed by third parties; and Legal and Regulatory challenges, including the Payment Card Industry (PCI) Data Security Standard (DSS).