Protective Monitoring: GPG13 Compliance
Protective Monitoring has various meanings in IT Security terms, but it is best known as a specific term used by the UK Government (also known as Good Practice Guide 13, or GPG13) to refer to a set of recommended people and business processes, and technologies, aimed at improving risk profiles and reducing Cyber Risk. In other words, Protective Monitoring provides essential oversight of IT systems across the whole enterprise.
Specifically, the Protective Monitoring Controls (also known as PMCs) define a set of control alerts and reports that provide feedback to those with responsibility for organisational risk and the performance of Protective Monitoring systems. This includes information security control activities such as inspecting firewall logs, investigating operating system security alerts and monitoring Intrusion Detection Systems (IDS). Protective Monitoring also includes putting in place mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security-relevant events of interest.
Assuria cyber security software solutions are designed to facilitate Protective Monitoring services and to assist organisations in complying with GPG13, as well as other international standards such as ISO27001 and PCI-DSS. Our Forensic Log Management/SIEM solution, Assuria Log Manager (ALM), provides built-in GPG13 analysis, alerting and reporting features through the optional ALM GPG13 Content Pack.
ALM is a proven, CCTM-accredited GPG13 solution, and is deployed and fully operational in UK classified projects up to the highest levels of classification. For more information on ALM's GPG13 features, please email Assuria at firstname.lastname@example.org.
In a general sense, protective monitoring includes: efficient, automatic monitoring, alerting and reporting of system changes, significant system events and file integrity monitoring.
Once systems are configured correctly and in a known and trusted state, with all security controls fully active, it is essential to have systems which monitor all subsequent configuration changes (such as a user being granted increased privileges). These monitoring systems must quickly assess whether changes are authorised at the appropriate level and whether changes take systems out of compliance. Assuria configuration change detection and event monitoring solutions provide visibility and alerting of such changes.