… Monitoring Plan
Our organization is at the most advanced maturity level, so I will consider a wide variety of commercial and custom monitoring tools to handle the individual aspects of continuous monitoring. As the Chief Information Security Officer, I will purchase next-generation firewalls, advanced intrusion prevention, a security information management (SIM) system, and an advanced log management system that consolidates feeds into the alerting systems and the monitoring dashboard (Fry & Martin, 2009). The SIM will be able to offer a high-level view of threats by pulling context from the asset information base, the financial systems, and the document classification system, so that an alert is ranked by the value of the asset it touches rather than by the raw event alone. As the drawing shows, the organization will also combine monitoring capabilities of its own, using open source, commercial, and home-developed programs. All of these continuous monitoring efforts will result in improved situational awareness of users, systems, and activities. They will also give the organization a clearer picture of the attacks being attempted against its networks, regardless of how good its proactive defenses are.
I will integrate the organization's security systems for continuous monitoring. As the head of security, my collaboration with the operations team will help identify the detective and proactive security data sets that are valuable to our monitoring efforts. The most time-consuming part of integrating this network-monitoring piece will be the business logic: deciding which events matter, to whom, and at what priority. I will choose a vendor for data analysis and data modeling to assist in developing and integrating that business logic (Broad, 2013). However, the IT staff will still need to customize the risk priorities and standard alerts to our unique business needs, because a vendor's default rules know nothing about which of our systems are critical. I will seek to identify and understand how each system is used by working with the various engineers and business units.
I will integrate all of the organization's reporting systems through the log management platform for correlation and normalization, instead of leaving them as individual silos. Normalization maps each vendor's event format onto one common schema (timestamp, source, destination, action), and correlation then joins events across sources and against asset data, which is only possible once they share that schema. I will then feed the results into our situational awareness dashboard for full reporting and analysis. By heavily leveraging policies, both self-developed policies within our management systems and those supplied with the commercial monitoring products, I will integrate real-time alerts from the individual monitoring platforms and system consoles (Broad, 2013). The security system's business logic will also be developed so that policies can be upgraded whenever necessary. I will choose to implement real-time network forensics and pervasive network recording, so that when an alert fires the analyst can retrieve the actual traffic rather than only a log summary of it.
Before I conduct the integration, I will ensure that the organization's help desk is responsible for escalating alerts stemming from every security appliance. Most of this escalation will be automated. I will collaborate with the administrators so that they perform their tasks from one integrated console, instead of combining work every day by reading each console separately (Fry & Martin, 2009). As the drawing shows, a pressing concern is an intelligence report about emerging vulnerabilities recently discovered in Adobe PDF Reader. A malicious PDF can carry obfuscated executable content that, when opened by a vulnerable reader, leads to complex malware infections; the danger is that the file itself looks like ordinary business correspondence until it is opened.
To establish the company's security status, I will initiate a quick search using the data visualization tools to investigate the potential threat along several dimensions: the source and target IP addresses, the external source domain, and the actual file name of the suspected attack. I will then use both the all-data search and the interactive forensics capability to drill down into the details of any host that received such a file, revealing more about that system and every other event that touched it. Finally, I will open the security operations dashboard to verify that the necessary software is installed on those hosts and that the installed Adobe Reader version is not one affected by the reported vulnerabilities (Fry & Martin, 2009). A host whose version cannot be determined from the asset inventory should be treated as exposed until proven otherwise, since an inventory gap is itself a finding.
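The two preceding steps, normalizing feeds from different appliances into one schema and correlating them with asset data, and then pivoting on a host when a PDF-reader threat is reported, can be shown in working code. The following Python example is added here and is not part of the original paper or of any product it cites. Every log line, host, owner, Adobe Reader version, domain name, and the intelligence item itself (including its "fixed_in" version) is constructed for the example; the internal-domain suffix and the rule that an unknown version counts as exposed are assumptions made for illustration.

```python
"""Normalize constructed proxy and firewall logs into one event schema,
correlate external PDF downloads with an asset inventory, and rank the
resulting alerts by whether the receiving host runs an affected reader.
Added example; all data below is constructed, not real."""
from dataclasses import dataclass
import re

# Constructed intelligence item. The version is a placeholder that drives the
# example and does not correspond to any real advisory.
INTEL = {"product": "Adobe Reader", "fixed_in": "11.0.10", "lure": "PDF attachment"}

# Constructed asset inventory, standing in for what the SIM pulls from the
# asset information base (None = version unknown to inventory).
ASSETS = {
    "10.0.0.21": {"host": "ws-finance-07", "owner": "finance", "reader": "11.0.07"},
    "10.0.0.35": {"host": "ws-hr-02", "owner": "hr", "reader": "11.0.10"},
    "10.0.0.40": {"host": "ws-eng-11", "owner": "engineering", "reader": None},
}

# Constructed raw events in two different vendor formats.
PROXY_LOG = """\
2024-03-04T09:12:01Z client=10.0.0.21 dst=invoice-portal.example.net uri=/docs/invoice_0394.pdf ctype=application/pdf action=allow
2024-03-04T09:12:44Z client=10.0.0.35 dst=cdn.example.org uri=/forms/w4.pdf ctype=application/pdf action=allow
2024-03-04T09:13:10Z client=10.0.0.40 dst=intranet.corp.local uri=/handbook.pdf ctype=application/pdf action=allow
2024-03-04T09:15:02Z client=10.0.0.21 dst=updates.example.com uri=/pkg/reader.msi ctype=application/octet-stream action=allow
"""
FW_LOG = """\
Mar  4 09:12:00 fw01 kernel: ACCEPT SRC=10.0.0.21 DST=203.0.113.7 DPT=443
Mar  4 09:12:45 fw01 kernel: ACCEPT SRC=10.0.0.35 DST=198.51.100.9 DPT=443
Mar  4 09:16:30 fw01 kernel: DENY SRC=203.0.113.7 DST=10.0.0.21 DPT=4444
"""

INTERNAL_DOMAINS = (".corp.local",)  # assumption about the estate's internal DNS


@dataclass
class Event:
    source: str        # which feed produced the event
    src_ip: str
    dst: str           # domain (proxy) or IP address (firewall)
    filename: str = ""  # only set for PDF downloads
    action: str = ""
    raw: str = ""


PROXY_RE = re.compile(r"client=(\S+) dst=(\S+) uri=(\S+) ctype=(\S+) action=(\S+)")
FW_RE = re.compile(r"(ACCEPT|DENY) SRC=(\S+) DST=(\S+) DPT=(\d+)")


def normalize(proxy_log: str, fw_log: str) -> list:
    """Map both vendor formats onto the common Event schema."""
    events = []
    for line in proxy_log.splitlines():
        m = PROXY_RE.search(line)
        if m:
            client, dst, uri, ctype, action = m.groups()
            name = uri.rsplit("/", 1)[-1] if ctype == "application/pdf" else ""
            events.append(Event("proxy", client, dst, name, action, line))
    for line in fw_log.splitlines():
        m = FW_RE.search(line)
        if m:
            action, src, dst, _dpt = m.groups()
            events.append(Event("firewall", src, dst, "", action, line))
    return events


def version_tuple(v: str) -> tuple:
    return tuple(int(x) for x in v.split("."))


def is_vulnerable(reader_version) -> bool:
    """Unknown version counts as exposed: an inventory gap is itself a finding."""
    if reader_version is None:
        return True
    return version_tuple(reader_version) < version_tuple(INTEL["fixed_in"])


def pdf_from_external(ev: Event) -> bool:
    return (ev.source == "proxy" and ev.filename.endswith(".pdf")
            and not ev.dst.endswith(INTERNAL_DOMAINS))


def triage(events: list) -> list:
    """One alert per external PDF download, highest-exposure hosts first."""
    alerts = []
    for ev in filter(pdf_from_external, events):
        asset = ASSETS.get(ev.src_ip, {})
        exposed = is_vulnerable(asset.get("reader"))
        alerts.append({
            "host": asset.get("host", "unknown"),
            "src_ip": ev.src_ip,
            "domain": ev.dst,
            "file": ev.filename,
            "reader": asset.get("reader"),
            "priority": "high" if exposed else "low",
        })
    alerts.sort(key=lambda a: a["priority"] != "high")
    return alerts


def drill_down(events: list, ip: str) -> list:
    """The interactive-forensics pivot: every normalized event touching one host."""
    return [e for e in events if ip in (e.src_ip, e.dst)]


if __name__ == "__main__":
    evs = normalize(PROXY_LOG, FW_LOG)
    for alert in triage(evs):
        print(alert)
    for e in drill_down(evs, "10.0.0.21"):
        print(e.source, e.action, e.raw)
```

Running the block produces two alerts: the finance workstation that fetched a PDF from an external domain while running a reader older than the constructed "fixed_in" version is ranked high, and the HR workstation on the current version is ranked low; the intranet download is dropped by the internal-domain filter. The pivot on the finance host then surfaces the later inbound connection that the firewall denied, the kind of follow-on event an analyst would want beside the original download.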