Feeds

How effective is your security monitoring?

Can you police the policing?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Workshop Poll For many organisations, the litmus test for IT security effectiveness is whether or not security breaches are reduced as a result. Security monitoring should help, but modern environments are complex and multi-faceted, and it can be difficult to determine how much is down to the tools, and how much is down to other factors such as policy.

In this quick poll, we want to get to the bottom of the effectiveness question, both in terms of monitoring itself, and whether resulting environments are any more or less secure. It's mostly tick-and-bash so grab a virtual pen and it should take no more than five minutes of your time, we'll feed your responses into the mill and have the results back to you in no time!

READER POLL: HOW EFFECTIVE IS YOUR SECURITY MONITORING?

1. To what level do you monitor and/or detect security breaches in relation to any of the following?

  Via ad hoc manual checks Via regular manual checks Via automated analysis (post event) Via automated alerting (real time) No real monitoring at all
Desktop systems
Email systems
Mobile equipment
Corporate website
Core business apps
Other (please specify)

2. To what level do you monitor unsuccessful attacks on such systems?

  Via ad hoc manual checks Via regular manual checks Via automated analysis (post event) Via automated alerting (real time) No real monitoring at all
Desktop systems
Email systems
Mobile equipment
Corporate website
Core business apps
Other (please specify)

3. Where do you predominantly run the following systems/apps?

  Predominantly run in-house Predominantly hosted by a third party Roughly 50:50 split between the two N/A
Desktop systems
Email systems
Corporate website
Core business apps

4. Do you specifically monitor and keep track of any of the following user related exposures as opposed to simply dealing with issues as they arise and then forgetting about them? (Please tick all that apply)

Losing laptops/mobile equipment provided by IT dept
Losing personal laptops/mobile equipment
Losing removable storage devices e.g. USB sticks, data cards etc provided by IT dept
Losing personal storage devices e.g. USB sticks, data cards etc
Sending confidential info out of the organisation via email
Taking confidential info out of the organisation via removable storage devices/CDs etc
Accessing dodgy websites
Connecting to unknown or insecure WiFi hotspots
Other (please specify)

5. How happy are you that your monitoring capability provides adequate protection for the organisation in the following areas?

  Very happy
5
4 3 2 Not at all happy
1
Desktop
Email
Mobile equipment
Corporate website
Core business apps
User related exposures
Other (please specify)

6. Do you have policies in place to deal with user related security issues in the following areas? (Please tick all that apply)

Safe use of mobile devices
Safe use of the Web
Safe use of email
Handling and storage of electronic data
Privacy assurance and identity protection

7. Which of the following do you have in place to investigate security issues when they occur? (Please tick all that apply)

Formally defined policies & procedures within IT
Formally defined policies & procedures within the business
Comprehensive logs of system related activity
Forensic tools for investigating systems related activity
Disciplinary procedures for irresponsible employee behaviour
Other (please specify)

8. How much is compliance a driver for implementing monitoring capabilities?

  Major driver
5
4 3 2 Not a driver at all
1
 

9. To what degree have the following been an issue over the past 6 months?

  Major issue
5
4 3 2 Not an issue at all
1
Application downtime
Low level security issues e.g. spam
High level of desktop support requests
External security breaches
Internal security breaches (including data leakage)
Accidental data loss
Accidental data leakage
Other (please specify)

10. In terms of investment what priority is given to IT security monitoring and management spend in your organisation?

One of the highest priorities
Important, but second to many other investments
Minor importance, fairly low down the list of priorities
Unsure
N/A – Invested heavily in the past

11. Which of the following criteria do you take into account when making procurement decisions about security tools? (Please tick all that apply)

Vendor stability
Third party certification
High marks in comparison reports
Industry analyst endorsement
Functional assessment
Third party opinion
Media/online reviews
Other (Please specify)

12. Finally, do you have any advice that you can give with respect to monitoring security solutions?

 

BEFORE YOU GO

13. Approximately how large is your organisation (worldwide) in terms of employees?

Less than 10 employees
10 to 50 employees
50 to 250 employees
250 to 1,000 employees
1,000 to 5,000 employees
5,000 to 10,000 employees
Over 10,000 employees

14. Which of the following best describes your organisation?

Energy & Utilities
Financial Services
Healthcare
Hi-Tech
Manufacturing
Oil & Gas
Pharmaceuticals
Central/Local Government
Retail & wholesale
Professional services
Telecommunications
Travel & Transportation
Other (please specify)

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.