Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Types of Policies

Two types of policies are used for monitoring: regulatory compliance, which involves adherence to externally enforced controls, and employee policies, which govern the security compliance of employees.

Regulatory Compliance Policies

All companies are bound by some form of IT legislation in the countries where they conduct business. This legislation places obligations and restrictions on the company, and compliance with these rules often requires active monitoring. Examples of such laws include the Sarbanes-Oxley Act of 2002 (SOX), which requires demonstration of integrity in accounting; the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which protects the privacy of personal health information; and California’s Senate Bill 1386 (SB1386), which protects the privacy of personal information.

In addition to regulatory compliance, adherence to industry standards is a further necessity, which requires verifiable compliance with sets of best practices. Some, such as the Visa PCI standards, may be required by business partners as a means of ensuring proper data handling.

Example: COBIT configuration control monitoring

Control Objectives for Information and related Technology (COBIT) is a set of standards that the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) introduced in 1992. IT management may subscribe to the control objectives set forth by COBIT, and require the development of monitoring procedures to maintain ...

Publisher Resources

ISBN: 9780596157944