Study Document
Security Monitoring Strategies Creating a Unified, Enterprise-Wide Essay
Security Monitoring Strategies
Creating a unified, enterprise-wide security monitoring strategy for any organization must be based on a series of strategic goals and objectives that encompass every functional area and system of a business. The intent of this analysis is to define the objectives that must anchor a security monitoring strategy to ensure its success, followed by specific recommendations for security monitoring of each major functional area.
Defining Security Monitoring Strategies
For an enterprise-wide security management strategy to be successful, the monitoring systems and processes must seek to accomplish three key strategic tasks. These tasks include improving situational awareness, proactive risk management and robust crisis and security incident management (Gellis, 2004). With these three objectives as the basis of the security monitoring strategies and recommended courses of action, an organization will be able to withstand security threats and interruptions while attaining its objectives.
Beginning with the internal systems including Accounts Payable, Accounts Receivable, Inventory, General Ledger, and Human Resources, monitoring needs to be designed to capture strategic threats at the operating system and application level to be effective (Nagaratnam, Nadalin, Hondo, McIntosh, Austel, 2005). Each of the applications in these areas of enterprise software is designed to be used in the context of user's roles and information needs. Restricting access to sensitive information by role as defined in these applications is critical to the monitoring of resources and their effectiveness in delivering value to the organization (Gordon, Loeb, Tseng, 2009). Creating a governance framework hat can provide for enough role-based flexibility while monitoring overall performance is critical for an organization to keep accomplishing its goals while also staying secure (Khoo, Harris, Hartman, 2010).
Often the many internal systems of a business are integrated into a common enterprise-wide information platform. Many organizations use Enterprise Resource Planning (ERP) system to unify these many systems into a single system of record to make security management and monitoring more cost-effective (Gellis, 2004). For the many internal IT systems that require IT monitoring, integrating them into a common system of record is also critical as it allows for auditing of cross-system and intra-system transactions. Too often organizations fail in their security monitoring strategies by allowing silos of systems to dominate their overall IT architecture (Nagaratnam, Nadalin, Hondo, McIntosh, Austel, 2005). By applying security monitoring at both the strategic IT level including the system of record and at the role-based access level of each application, organizations can attain a 360-degree level of system monitoring compliance and threat assessment.
Having an integrated system security structure also allows for more effective risk management strategies including the ability to isolate and act on security incidents more effectively than siloed systems allow for. Each of the mission-critical systems within a business, encompassing Accounts Payable, Accounts Receivable, Inventory, General Ledger, and Human Resources rely on integration with systems and processes external to the company as well. Integrating to systems outside the organization also present risks to the entire organization as well. These external integration links, whether automated through the use of advanced system technologies or defined through the use of logins and passwords, must be monitoring and audited as well (Gellis, 2004).
The risks and need for security are amplified by the use of Internet-based marketing, sales and e-commerce systems (Kesh, Ramanujan, Nerur, 2002). Monitoring of these applications is more challenging as they are open to the public. The first area of monitoring is on security…
Sample Source(s) Used
References
Desai, M.S., Richards, T.C., & Desai, K.J. (2003). E-commerce policies and customer privacy. Information Management & Computer Security, 11(1), 19-27.
Gellis, H.C. (2004). Protecting against threats to enterprise network security. The CPA Journal, 74(7), 76-77.
Ghosh, A.K., & Swaminatha, T.M. (2001). Software security and privacy risks in mobile e-commerce. Association for Computing Machinery.Communications of the ACM, 44(2), 51-57.
Gordon, L.A., Loeb, M.P., & Tseng, C. (2009). Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting and Public Policy, 28(4), 301.
Related Documents
Study Document
Strategic Benefits of Adopting an Enterprise Cloud Computing Platform...
Business Systems Development The Strategic Benefits of Adopting an Enterprise Cloud Computing Platform Cloud computing platforms are enabling enterprises to attain faster time-to-market of new products, in addition to enabling higher levels of collaboration and communication with suppliers, stakeholders and partners externally. Enabling cost reductions through consolidation of legacy IT systems while increasing process efficiencies is delivering a positive Return on Investment (ROI) while also increasing customer responsiveness. The strategic benefits of
Study Document
Cloud Computing Information Security in
This approach to defining a performance-based taxonomy will also allow for a more effective comparison within industries as well. All of these factors taken together will provide enterprise computing buyers with more effective foundations of arguing for more thorough measures of application performance. The net result will be much greater visibility into how cloud computing is actually changing the global economics of the enterprise computing industry. III. Final Report: Introduction The foundational
Study Document
Network Design Network ABC Network Design a
Network Design Network ABC NETWORK DESIGN A Comprehensive Proposal and Design for ABC Inc. Network Requirements Network Proposal Overview Telecommunication Overview Telecommunication Proposal Network Configuration Management Plan In order to meet the needs of the customers, ABC Inc. must insure that productivity is not hindered by the growth of the company. The employees at ABC Inc. must have a robust network so that customer service is not jeopardized. The accounting firm has grown from five to fifty employees
Study Document
Spam Filtering Solution Available and
However, cursory studies that have been conducted are either biased because they seem to present a biased review of certain products or are insufficient because of their limitations and shallowness. Those studies that have been considered to be useful are mentioned below. Robert D. Boerner, Joanne Bourquard, Pam Greenberg (2000) comprehensively elaborates the legal aspect of spam. He provides an in-depth review of the present laws in actions and the
Study Document
Unauthorized Information Systems Access
Unauthorized Information Systems Access Scan the Internet for articles or evidence of Bank of America being a victim of hacking. Based on the results of your search, if the bank has been hacked, assess the circumstances around the hacking and the resulting impact to the bank's customers and operations. If the bank has not reported hacking incidents, assess the most likely security measures that the bank has implemented to protect the
Study Document
Revolution That Started When Information
As the business changes, developers can more easily map business process changes to applications and then implement the appropriate it changes. SOA facilitates business connections. With business processes packaged as modular, accessible business services, enterprises can connect them where and when they are needed to optimize processes across customers, partners, suppliers, and their own internal applications SOA enhances business control. Because services model business processes, the flow of data and transactions