How effective is your security monitoring?

Can you police the policing?

By Jon Collins, Freeform Dynamics • Get more from this author

Posted in Security that Fits, 26th July 2010 10:03 GMT

Free whitepaper – Transforming IT culture

Workshop Poll For many organisations, the litmus test for IT security effectiveness is whether or not security breaches are reduced as a result. Security monitoring should help, but modern environments are complex and multi-faceted, and it can be difficult to determine how much is down to the tools, and how much is down to other factors such as policy.

In this quick poll, we want to get to the bottom of the effectiveness question, both in terms of monitoring itself, and whether resulting environments are any more or less secure. It's mostly tick-and-bash so grab a virtual pen and it should take no more than five minutes of your time, we'll feed your responses into the mill and have the results back to you in no time!

READER POLL: HOW EFFECTIVE IS YOUR SECURITY MONITORING?

1. To what level do you monitor and/or detect security breaches in relation to any of the following?

	Via ad hoc manual checks	Via regular manual checks	Via automated analysis (post event)	Via automated alerting (real time)	No real monitoring at all
Desktop systems
Email systems
Mobile equipment
Corporate website
Core business apps
Other (please specify)

2. To what level do you monitor unsuccessful attacks on such systems?

	Via ad hoc manual checks	Via regular manual checks	Via automated analysis (post event)	Via automated alerting (real time)	No real monitoring at all
Desktop systems
Email systems
Mobile equipment
Corporate website
Core business apps
Other (please specify)

3. Where do you predominantly run the following systems/apps?

	Predominantly run in-house	Predominantly hosted by a third party	Roughly 50:50 split between the two	N/A
Desktop systems
Email systems
Corporate website
Core business apps

4. Do you specifically monitor and keep track of any of the following user related exposures as opposed to simply dealing with issues as they arise and then forgetting about them? (Please tick all that apply)

Losing laptops/mobile equipment provided by IT dept
Losing personal laptops/mobile equipment
Losing removable storage devices e.g. USB sticks, data cards etc provided by IT dept
Losing personal storage devices e.g. USB sticks, data cards etc
Sending confidential info out of the organisation via email
Taking confidential info out of the organisation via removable storage devices/CDs etc
Accessing dodgy websites
Connecting to unknown or insecure WiFi hotspots
Other (please specify)

5. How happy are you that your monitoring capability provides adequate protection for the organisation in the following areas?

	Very happy 5	4	3	2	Not at all happy 1
Desktop
Email
Mobile equipment
Corporate website
Core business apps
User related exposures
Other (please specify)

6. Do you have policies in place to deal with user related security issues in the following areas? (Please tick all that apply)

Safe use of mobile devices
Safe use of the Web
Safe use of email
Handling and storage of electronic data
Privacy assurance and identity protection

7. Which of the following do you have in place to investigate security issues when they occur? (Please tick all that apply)

Formally defined policies & procedures within IT
Formally defined policies & procedures within the business
Comprehensive logs of system related activity
Forensic tools for investigating systems related activity
Disciplinary procedures for irresponsible employee behaviour
Other (please specify)

8. How much is compliance a driver for implementing monitoring capabilities?

	Major driver 5	4	3	2	Not a driver at all 1

9. To what degree have the following been an issue over the past 6 months?

	Major issue 5	4	3	2	Not an issue at all 1
Application downtime
Low level security issues e.g. spam
High level of desktop support requests
External security breaches
Internal security breaches (including data leakage)
Accidental data loss
Accidental data leakage
Other (please specify)

10. In terms of investment what priority is given to IT security monitoring and management spend in your organisation?

One of the highest priorities
Important, but second to many other investments
Minor importance, fairly low down the list of priorities
Unsure
N/A – Invested heavily in the past

11. Which of the following criteria do you take into account when making procurement decisions about security tools? (Please tick all that apply)

Vendor stability
Third party certification
High marks in comparison reports
Industry analyst endorsement
Functional assessment
Third party opinion
Media/online reviews
Other (Please specify)

12. Finally, do you have any advice that you can give with respect to monitoring security solutions?

BEFORE YOU GO

13. Approximately how large is your organisation (worldwide) in terms of employees?

Less than 10 employees
10 to 50 employees
50 to 250 employees
250 to 1,000 employees
1,000 to 5,000 employees
5,000 to 10,000 employees
Over 10,000 employees

14. Which of the following best describes your organisation?

Energy & Utilities
Financial Services
Healthcare
Hi-Tech
Manufacturing
Oil & Gas
Pharmaceuticals
Central/Local Government
Retail & wholesale
Professional services
Telecommunications
Travel & Transportation
Other (please specify)

Free whitepaper – Assuring application service quality

Security that Fits

Workshop