Introduction

CESG Good Practice Guide Number 13 (GPG13) provides guidance to HMG Departments and Agencies, and private sector organisations delivering products and services into HMG, on the Protective Monitoring (PM) of ICT systems. PM is a set of business processes and technical security controls which can enable the oversight of ICT system use; it can also assure user accountability for actions taken when operating ICT systems. Even the most basic ICT system has in-built functionality which enables event and incident recording, and alerting. However, these records must be reviewed regularly or else they may not provide any business value. More importantly, failure to review these logs could enable those wishing to misuse ICT resources, and the information they store, create or otherwise process, to do so without fear of discovery. Therefore there is an increased risk that the Confidentiality, Integrity and Availability of such systems can be adversely affected.

There is a misguided belief that technological solutions such as intruder detection and prevention systems, and firewalls, can simply be deployed and forgotten, thereby providing an automated, all-encompassing panacea with zero administrative overhead and flawless protection. This is never the case. GPG13 illustrates and provides evidence that the application of an effective PM framework will contribute to the treatment of Information Security risks. Almost inevitably, PM requires financial investment in terms of equipment and infrastructure; however, it is equally important that a PM solution is properly resourced in terms of manpower, expertise, and Information Assurance and Security support and management.

The aim of this tool is to enable the assessment of an organisation's extant technical controls and PM framework; it may also be used to conduct through-life reviews in support of reporting in connection with an organisation's security strategy.
