|Monitoring and Detection Program
Controls must be in place to identify policy violations and that effective steps are taken to document and report these violations.
In addition to meeting compliance requirements a good monitoring and detection plan should provide a logical feed into your Change Management and Security Awareness plans.
· Compliance requirement are met
· Quality and cost improvement efforts are enhanced
· Fraud activities, stolen intellectual and physical property activities, misconfigured or unauthorized systems are identified
· Many other forms of malicious and accidental behavior is identified and documented in a manner that reduces the response time required to address the problem to acceptable levels
There is an old axiom that says “you cannot manage what you cannot measure”. While this is true in-part, the greater issue is that most companies have come to realize that many of their compliance requirements (i.e. Sarbanes-Oxley Act of 2002, HIPAA, GLBA, C-TPAT, contracts, more) require that a comprehensive monitoring solution be in place and that policy violations are identified and addressed.
JCHCI can help you put a monitoring and detection program in place that will integrate into your compliance requirements as well as work with your existing staff to ensure you are efficiently and effectively responding to incidents.