14.2. Monitoring

Monitoring is a form of auditing that focuses on the active review of audited information or an audited asset. For example, you would audit the activity of failed logons, but you would monitor CPU performance. Monitoring is most often used in conjunction with performance, but it can be used in a security context as well. Monitoring can focus on events, subsystems, users, hardware, software, or any other object within the IT environment.

A common implementation of monitoring is known as illegal software monitoring. This type of monitoring is used to watch for attempted or successful installation of unapproved software, use of unauthorized software, or unauthorized use of approved software (in other words, attempts to bypass the ...

Get CISSP®: Certified Information Systems Security Professional: Study Guide, Fourth Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.