Protective Monitoring: GPG13 Compliance

 

Protective Monitoring has various meanings in IT security terms, but it is best known as a specific term used by the UK Government (also known as Good Practice Guide 13, or GPG13) to refer to a set of recommended people and business processes and technology aimed at improving company risk profiles and reducing cyber risk.

 

Specifically, Protective Monitoring Control 11 (also known as PMC11) defines a set of reports that provide feedback to those with responsibility for company risk on the performance of Protective Monitoring systems. 

 

Assuria cyber security software solutions are designed to assist organisations to comply with GPG13, as well as other international standards such as ISO27001 and PCI-DSS. Our Log Management/SIEM solution, Assuria Log Manager (ALM), provides built-in GPG13 analysis, alerting and reporting features through the ALM GPG13 Content Pack (please contact Assuria at info@assuria.com for more details on the ALM GPG13 Content Pack).

 

In a general sense, protective monitoring includes efficient, automatic monitoring and reporting of system changes, significant system events and file integrity monitoring.

 

Once systems are configured correctly and in a known and trusted state, with all security controls fully active, it is essential to have systems which monitor all subsequent configuration changes (such as a user being granted increased privileges). These monitoring systems must quickly assess whether changes are authorised at the appropriate level and whether changes take systems out of compliance. Assuria configuration change detection and event monitoring solutions provide visibility and alerting of such changes.

© Copyright 2011  Assuria Limited.  All rights reserved worldwide.