Take control of IT security: from detection to action

18 February 2019, 4 min read

In my previous blog post, I described the four-step approach that will help you ensure your business is compliant with legislation and regulations and keep cyber threats at bay. In this blog post, I will go into this in more detail and explain how you can automate these four steps using the Security Monitoring and Control tool from Ctac. I will also explain why log files are essential when using this tool if you want to quickly identify and address security and compliance incidents.
IT security is relevant throughout the entire organisation. For instance, a company might have its financial administration in good order and be fully compliant with the applicable legislation and regulations, but for auditors these days, this may no longer be enough. They will also ask for an audit trail to find out what has happened to certain data. Who has had access to this data? And when and by whom has that information been viewed or edited?
The use of audit trails is very common in finance. Ideally, all sensitive information within an organisation would have an audit trail like this. In the same way you want to ensure that sensitive information stays within the (virtual) four walls of your organisation, customers, suppliers and employees also want to be sure that their data is properly managed. In fact, it is a criminal offence to fail to ensure that the security of your data is properly organised, not to mention the reputational damage that a data leak might cause. This requires the Security Officer to continuously guarantee the availability, confidentiality and integrity of data, and to push the right buttons whenever there is any danger of these being compromised.
A Security Officer must be able to demonstrate quickly and clearly what possible risks and threats there are within the organisation, as well as what actions are needed to mitigate these. As I already emphasised in my previous blog post, this is a major challenge given the myriad of systems and data flows within organisations. The question that occupies the minds of many Security Officers is how they can make the process of identifying, analysing, reporting on and resolving IT security risks a manageable one. And there is an answer to this!
How can IT security and compliance be made manageable?
A Security Officer can use the Ctac Security Monitoring & Control tool to set up an entire cycle of protection, detection and response to tackle threats throughout the entire IT landscape. Cyber threats, such as unauthorised user actions, espionage or malware, are automatically detected. Automated analyses enable cyber security specialists to immediately identify and thoroughly analyse abnormal patterns to determine whether a security incident has actually occurred or not.
The tool makes monitoring users and managing rights and access privileges easier. Login activities, for instance, are geographically sorted and login activities of users and administrators are mapped out in a manageable way. Furthermore, there is strict control of new password requests and the installation and activation of applications and services. Security Monitoring & Control enables organisations to monitor their critical information systems. This includes, for instance, tracking critical changes to master data or the use of accounts with high-level privileges. Even security updates that have not been installed yet can be detected, as can the use of services and applications that the organisation has decided to disallow.
The real-time insight that is created in this way ensures that the organisation is in control of the information security of its systems and data. Thanks to the provision of dashboards and reporting options, organisations are also able to demonstrate to external auditors that their systems are fully compliant.
The importance of log files
The Security Monitoring & Control tool is fed with information from your own organisation. Each application stores log files in which the activities of users and systems are recorded. By using the tool to collect this information from all relevant systems and applications, organisations can obtain a better understanding of the security risks. Data from the collected log files will be used to generate automated alerts and can be compared against predefined use cases. These alerts will allow cyber security specialists to decide whether any follow-up action is needed. As more log sources are fed into the system, the specialists will be able to determine with a greater degree of accuracy whether a security incident is 'real' or not. This means that you and your organisation will have obtained sufficient assurances on your security incident response process.
Apart from the security incident response process, reporting and insight are also very important for the Security Officer, as the information from this system will help them compile periodic reports and provide near-real-time insight by means of online dashboards.
With sufficient relevant information from all systems and applications, organisations will be able to detect security threats increasingly quickly. Collecting data, measuring it, identifying risks and then taking relevant actions will ensure that identification, analysis, reporting and resolution of IT security risks becomes a manageable process. Furthermore, it becomes a simple task for a Security Officer to demonstrate that their organisation is compliant with legislation, regulations and standards.
If you would like to know more about how to make IT security and compliance manageable, please join our Webinar: In control of your information security on 14 March, 10:00 – 10:30.