Security monitoring
Security monitoring comprises several continuous or discrete activities to ensure internal control systems are functioning as expected in an organization. In today’s entrepreneurial world organizations have adopted different applications that require different level of security assessments and security measures. The organization should consider the fact that a security risk will vary between the external and internal applications hence these applications must be carefully reviewed in order to determine the prospective risks and ways of pre cautioning against the risk. Security monitoring activities are a major element in the organizations security plan in order to prevent loss as a result of the security threats (Hossein, 2006).
Organizations have to consider the ways in which the threats compromise data and information in order to determine the most effective monitoring activities. Internal threats occur within the organization by people having access to data and information in the organization. Such threats include; sabotage, errors and omissions, hacking, unauthorized access among others which jeopardizes accuracy, confidentiality and d integrity of data and information. Security against these threats could be achieved through event security monitoring and state security monitoring (Michael & Herbert, 2010). Event security monitoring involves taking records of information that entails activities and analyze information that has been recorded to ensure they are correct (Michael & Herbert, 2010); an organization must therefore take into consideration the applications to be used and the minimum level of security that can be used which will still enable full functionality. These activities should focus on several perspectives of the applications or systems in place that is, basing on the perspective of the operating system, from the perspective of the network operating procedures, from the view of application processing and also the view of database management system. The organization should never operate under the assumption that there will be no adverse events or actions.
Most organizations have automated their payroll activities owing to the fact that most businesses are moving with the change in technology. The payroll systems could be prone to errors and omissions, fraud and other threats therefore the data entered into payroll systems need to be updated and monitored to ensure its accuracy and completeness these will be achieved through state security monitoring activities that ensure the state of the data and information is maintained.
Human resources being a vital organ in any organization need to be well monitored, automation of staffing procedures increases transparency and guarantees that qualified personnel will be employed. The qualified staff recruited will in the long run minimize errors and omissions, and ensures quality delivery of services. Staff should also be trained on the proper handling of information systems that are used by the company .regular training and capacity building within the organization will reduce the risks associated with human resources.
Security monitoring for inventory purposes determines an organizations ability to grow .The organization is able to keep track of its activities and trends in development in the past present and use to project its position in the future. The state of the data in the inventory thus needs to be automated and be well secured .inventory data Is prone to industrial espionage, hacking and sabotage therefore proper security measures need to be installed and regular monitoring and auditing of the state of data. Restricted access and security checks should be given to such vital information to authorized personnel.
E-business (internet sales and marketing) applications such as e-commerce, supply chain management, online shopping, and remote access being the recent and preferably more customer satisfactory mode of doing business, most organizations have adopted the idea However with it comes multitude of security threats to data and information .such systems require huge databases, critical networks that can support the transfer of multimedia data and information and with the capability of supporting increasing number of users. They need to be monitored for security threats and their functionality maintained on a regular basis since they are more vulnerable to a wider scope of threats. Effective and efficient monitoring activities and policy framework should be put in place (Priescu, & Nicolăescu, 2008).
Conclusion
Both security event and security state monitoring are two complementary forms of security monitoring. Companies that desire to develop a security monitoring practice will need to follow a practice development method and will benefit by having an organizational structure that encourage broad participation from all potential stakeholders. It is important that the organizations identify their most important data and information to their day to day activities to be able to administer effective security monitoring. Proper identification of these data and information enables proper enforcement of both event security monitoring and state security monitoring.
Reference
Michael, E.Herbert, J. (2010).Management of Information Security. New York, NY: Cengage Learning.
Hossein, B. (2006): Handbook of information security. New York: John Wiley and Sons.
Priescu, I. Nicolăescu, S. (2008). Managing Security Monitoring in Enterprise Networks. Petroleum - Gas University of Ploiesti Bulletin, Mathematics - Informatics - Physics Series, 60(2), 53-58. Retrieved from EBSCOhost.
