Type of paper: Research paper
Categories: Information technologies, Software, Cyber security
Pages: 5
Wordcount: 1163 words
Dempsey et al. (2012) define information security continuous monitoring (ISCM) as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. An effort supporting ISCM in a company usually begins with leadership. Although ISCM is essential since it prevents possible threats and identifies risks, it can be challenging for an organization because it is costly and malware may be introduced to the system.
The Importance of Continuous Monitoring of Information Systems
It helps prevent possible threats before they get out of hand (Mell et al., 2012). For instance, ISCM makes it easier to know an organization's security risk posture. Through it, staff can detect malware before it gains access to the information system and can track unauthorized access. ISCM can also provide an asset inventory. This way, every hardware and software asset is categorized and monitored, preventing risks from materializing. Continuous monitoring also simplifies the aggregation of an organization's data, which helps it know which product to target for optimization, resulting in increased performance and sales.
The monitoring system identifies risks and their solutions through risk quantification (Alsadhan & Park, 2016). This strategy makes it easy for an organization to review and isolate the main threats first, then turn to the lesser risks. A decision can then be made whether to deny or accept each risk. Through automated remediation, a structured response to rectify the issue is also provided and applied. The remedies are prioritized, making it easier for the data manager to restore the system to its previous state.
The Technical and Managerial Challenges of Continuous Monitoring
Problems are usually encountered during the implementation of ISCM. An organization can introduce a new endpoint that is overlooked, or an employee can connect to a neighbor's Wi-Fi that is not registered in the system. This can lead to the introduction of malware that will damage the system (Eizmendi, Azkoitia, & Craddock, 2007). Also, various tools are used to collect data from endpoints. Piecing together the information collected becomes a challenge because the data conflict and overlap. The use of unreliable collection tools usually results in questionable data.
It is impossible to sort through terabytes of data in a short time (Eizmendi, Azkoitia, & Craddock, 2007). This becomes a burden when security control mechanisms are not integrated, because going through separate logs results in data omission. What's more, running a monitoring system without selecting a frequency is a challenge. It is advantageous to perform assessments on an hourly basis, but this can become chaotic because of compliance violations and the piling up of data.
Developing and implementing a monitoring system can get expensive for the organization (Eizmendi, Azkoitia, & Craddock, 2007). Covering the cost of the required hardware and software can drain resources even before implementation. Moreover, having staff who are not computer literate can be disadvantageous: an employee can unknowingly expose the organization to risks that the system cannot detect.
The Technical and Managerial Solutions to Continuous Monitoring
Solutions can be implemented to make the system run more smoothly. The hybrid approach helps keep tabs on endpoints. Pairing passive, real-time monitoring with an always-on, active scanner provides both visibility of vulnerable endpoints and detection of newly created assets (Virgillito, 2018). One also gains the capacity to detect network activity from unknown devices that are not present in an asset list or on the Master Data Management (MDM) platform. By applying MDM techniques, cross-references and other capabilities can be used to determine master identifiers for devices along with all the additional identifiers used by different sensors (Virgillito, 2018).
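The cross-referencing step described above, as an added illustration that is not part of the essay or of any vendor's product: observations from a passive sensor (MAC and IP), an active scanner (hostname and IP) and the asset list are folded into one master identifier per device, and anything a sensor saw that is missing from the asset list is reported. All device data is constructed.

```python
"""Cross-reference passive and active sensor observations into master device
identifiers (added illustration; all device data below is constructed)."""
import itertools
from dataclasses import dataclass, field

@dataclass
class MasterDevice:
    master_id: str
    aliases: set = field(default_factory=set)   # every identifier any source used
    sources: set = field(default_factory=set)   # which sources observed it
    in_inventory: bool = False                  # present on the asset list?

# Constructed inputs: asset list, passive sensor (MAC + IP), active scanner
# (hostname + IP). "de:ad:be:ef:00:99" / "printer-9" is the unregistered device.
INVENTORY = [{"mac": "aa:bb:cc:00:00:01", "hostname": "ws-01"},
             {"mac": "aa:bb:cc:00:00:02", "hostname": "ws-02"}]
PASSIVE_OBS = [{"mac": "aa:bb:cc:00:00:01", "ip": "10.0.0.11"},
               {"mac": "de:ad:be:ef:00:99", "ip": "10.0.0.77"}]
ACTIVE_OBS = [{"hostname": "ws-01", "ip": "10.0.0.11"},
              {"hostname": "printer-9", "ip": "10.0.0.77"}]

def reconcile(inventory, passive_obs, active_obs):
    """Return master records keyed by master_id. Any identifier already seen
    links an observation to the existing record; an observation that bridges
    two records causes them to be folded into one."""
    masters, alias_to_master, next_id = {}, {}, itertools.count(1)

    def merge(ids, source, in_inventory=False):
        hits = {alias_to_master[i].master_id: alias_to_master[i]
                for i in ids if i in alias_to_master}
        if hits:
            m, *dups = sorted(hits.values(), key=lambda d: d.master_id)
            for d in dups:                      # same device under two records
                m.aliases |= d.aliases
                m.sources |= d.sources
                m.in_inventory = m.in_inventory or d.in_inventory
                del masters[d.master_id]
        else:
            m = MasterDevice(master_id=f"dev-{next(next_id):03d}")
            masters[m.master_id] = m
        m.aliases |= set(ids)
        m.sources.add(source)
        m.in_inventory = m.in_inventory or in_inventory
        for i in m.aliases:
            alias_to_master[i] = m

    for rec in inventory:
        merge({rec["mac"], rec["hostname"]}, "inventory", in_inventory=True)
    for rec in passive_obs:
        merge({rec["mac"], rec["ip"]}, "passive")
    for rec in active_obs:
        merge({rec["hostname"], rec["ip"]}, "active")
    return masters

def unknown_devices(masters):
    """Master IDs observed by a sensor but absent from the asset list."""
    return sorted(m.master_id for m in masters.values() if not m.in_inventory)
```

Here an IP address is treated as a stable identifier; on a DHCP network a reused address would wrongly bridge two devices, which is why real MDM cross-referencing weighs how stable each identifier type is.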
Organizations need to develop a solution that fuses data together. According to Virgillito (2018), incorporating a SIEM (Security Information and Event Management) system will enable organizations to correlate activities across different hosts, see threats categorized into distinct parts, and then recreate the sequence of events to identify whether a threat can still be mitigated or it is too late. Also, companies need to develop a schedule for the ISCM to run. An achievable frequency will make it possible to detect and address deviations in line with the organization's financial capability and resources. In addition, computer-literate employees should be hired to make the system easy to use. The organization should also make it a routine to educate the staff annually on the use and importance of ISCM.
Another critical thing to remember is that developing and implementing a competency framework helps avoid future problems. The real-time environmental metrics framework examines a database of published asset vulnerabilities, compares computers' assets in real time against existing exposures, and calculates the computers' potential losses (Weintraub & Cohen, 2015). The component interdependencies framework uses component dependencies to predict the possible impacts on the company stemming from a particular vulnerable component. The process of predicting loss is based on the propagation of signals among components, starting from the vulnerable component and ending at the organizational losses as stated by the user (Weintraub & Cohen, 2015). In the consequences-based risk assessment framework, on the other hand, potential loss prediction is based on the actual losses of similar past attacks on the specific vulnerable component, performed through the same attack vector. When no similar attack has occurred in the past, the prediction is based on past losses stemming from previous attacks on the specific component across all attack vectors. Finally, with a learning algorithm, losses caused by past attacks may be noticed long after the time of the attack, and such late damages should update the predicted loss calculated by the algorithm.
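The three prediction steps summarised above, carried through as an added illustration that is not code from Weintraub & Cohen (2015) or from the essay: a unit signal is propagated from the vulnerable component along a dependency graph to the user-stated organizational loss, a consequence-based predictor averages past attacks on the same component and vector with the all-vectors fallback, and a learning step folds late-discovered damage back into the history. The graph, weights and attack records are constructed.

```python
"""Potential-loss prediction over component dependencies, plus the
consequence-based predictor and learning step (added illustration; the
graph, weights and attack history are constructed, not from any source)."""

# Constructed dependency graph (assumed acyclic): edge weight = fraction of the
# upstream component's impact that propagates downstream. "ORG_LOSS" is the
# sink representing the organizational loss stated by the user.
DEPENDENCIES = {
    "web-frontend": {"order-service": 0.8},
    "order-service": {"billing": 0.9, "reporting": 0.3},
    "billing": {"ORG_LOSS": 1.0},
    "reporting": {"ORG_LOSS": 0.2},
}
LOSS_PER_UNIT = 100_000.0   # assumed money lost per unit of signal at the sink

def propagate_loss(vulnerable, graph=DEPENDENCIES, loss_per_unit=LOSS_PER_UNIT):
    """Send a unit signal out of the vulnerable component and sum what reaches
    ORG_LOSS over every dependency path."""
    def reach(comp):
        if comp == "ORG_LOSS":
            return 1.0
        return sum(w * reach(child) for child, w in graph.get(comp, {}).items())
    return reach(vulnerable) * loss_per_unit

# Constructed attack history; each record is one past incident.
ATTACK_HISTORY = [
    {"id": "a1", "component": "billing", "vector": "phishing", "loss": 40_000.0},
    {"id": "a2", "component": "billing", "vector": "sqli", "loss": 110_000.0},
    {"id": "a3", "component": "billing", "vector": "phishing", "loss": 60_000.0},
    {"id": "a4", "component": "order-service", "vector": "sqli", "loss": 30_000.0},
]

def consequence_loss(component, vector, history=ATTACK_HISTORY):
    """Mean loss of past attacks on the same component via the same vector;
    with no such attack, fall back to all vectors on that component;
    None when the component has no history at all."""
    same = [r["loss"] for r in history
            if r["component"] == component and r["vector"] == vector]
    if not same:
        same = [r["loss"] for r in history if r["component"] == component]
    return sum(same) / len(same) if same else None

def record_late_damage(history, attack_id, extra_loss):
    """Learning step: damage noticed long after an attack is added to that
    attack's record so later predictions reflect it (returns a new list)."""
    return [dict(r, loss=r["loss"] + extra_loss) if r["id"] == attack_id else r
            for r in history]
```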
Conclusion
Although ISCM is crucial since it prevents possible threats and identifies risks, it can be challenging for an organization because it is costly and malware may be introduced to the system. It helps prevent possible threats by making it easier to know an organization's security risk posture. Also, it simplifies the aggregation of an organization's data. However, it has some challenges, including its cost and the impossibility of sorting terabytes of data in a short time. Therefore, it is essential to implement solutions that make the system run smoothly and help avoid future problems.
References
Alsadhan, T., & Park, J. S. (2016, June). Security automation for information security continuous monitoring: Research framework. In 2016 IEEE World Congress on Services (SERVICES) (pp. 130-131). IEEE.
Dempsey, K., Chawla, N. S., Johnson, A., Johnston, R., Jones, A. C., Orebaugh, A., ... & Stine, K. (2012). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations: National Institute of Standards and Technology Special Publication 800-137. CreateSpace Independent Publishing Platform.
Eizmendi, G., Azkoitia, J. M., & Craddock, G. M. (Eds.). (2007). Challenges for assistive technology: AAATE 07 (Vol. 20). IOS Press.
Mell, P., Waltermire, D., Feldman, L., Booth, H., Ragland, Z., Ouyang, A., & McBride, T. (2012). CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture (NISTIR 7756, Draft). National Institute of Standards and Technology.
Virgillito, D. (2018, November 21). Common Continuous Monitoring (CM) Challenges. Infosec Resources. https://resources.infosecinstitute.com/common-continuous-monitoring-cm-challenges/#gref
Weintraub, E., & Cohen, Y. (2015). Continuous monitoring system based on systems' environment
Free Essay: Information Security Continuous Monitoring-Challenges and Solutions. (2023, Apr 10). Retrieved from https://speedypaper.com/essays/information-security-continuous-monitoring-challenges-and-solutions