Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Public Sector Data At Risk Without Adequate IT System Monitoring

LogRhythm : 31 January, 2011  (Technical Article)
LogRhythm responds to the CESG warning on the failure of government bodies to take adequate measures to ensure the security of their data
CESG, the Information Assurance (IA) arm of GCHQ, warned government bodies this week that their failure to adequately monitor IT systems is putting sensitive data at risk.  When speaking at the Government ICT conference, Jon Ashton, director of IA, stated that ineffective network monitoring is often responsible for government departments dropping the ball in noticing what’s going on. It was also claimed that in some instances, government departments are not even producing logs, due to the lack of systems in place to review them.



LogRhythm, a log management and regulatory compliance specialist, argues that this patchy approach to monitoring is irresponsible and bound to result in more of the high profile data breaches that make the news on a regular basis.



“In reality, government bodies, or indeed any type of organisation, cannot effectively check all logs without using an automated solution,” said Ross Brewer, VP and MD of international markets at LogRhythm. “IT systems generate millions of logs on a daily basis and it is only by automating their collection and analysis that an organisation can get the full picture of what is happening across their IT infrastructure.  The apparently disparate nature of the government’s monitoring systems and the fact that some departments are not producing logs at all is unbelievable, given the number of security breaches that occur and the fact that monitoring and analysis is central to so many compliance regulations.”



In addition to ensuring the systems in place are comprehensive enough to monitor an organisation’s entire infrastructure, there are other issues that also need to be considered. Andy Nelson, the Ministry of Justice’s CIO, argues that it is not just about buying a proactive monitoring system, but how it is used that matters.



“The way that Protective Monitoring systems are deployed and used is crucial to how successfully they will meet an organisations requirements,” continued Brewer.  “When properly implemented, an automated and centralised log management solution should ensure that an organisation can monitor the whole of its IT infrastructure from a single screen with alerts and reports to ensure all aspects of the network are assessable and that nothing slips through. By using sophisticated, automated solutions in this way, IT processes can be optimised, establishing better procedures and eliminating inefficiencies. It is important to realise that log management does not simply detect security threats but also tracks correlations, patterns and anomalies that can help develop best practice principles across a range of areas. Substantial benefits can be obtained from the log resources that are currently being wasted, a fact government departments would do well to remember as public sector cuts start to bite.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo