Triggering information security events is the process of security-checking all events that arrive from different sources.
Event monitoring.
Sources of events can be antivirus systems, logs, operating systems, scanners that analyze infrastructure security, network hardware, and other sources within the organization’s infrastructure.
In monitoring, systematization and accountability in working with documents are very important. Virtual data spaces provide exactly this function. You can also check any file and action, browse the full history of changes to files, or send links for reading a specific version of a document. A VDR offers a wide range of services, from capturing, editing and indexing documents, quality control and data collection to storage software and event management.
Event monitoring systems fall into the following categories. SIEM: a system for managing events coming from different sources, which analyzes the events in real time. UBA: a system that collects and analyzes user activity to find possible internal threats and attacks. UEBA: a system that finds anomalies in the behaviour of employees and of the various systems.
Systems for monitoring the effectiveness of employees, which analyze user actions in the workplace and control those actions when confidential information is handled. Systems for the search and detection of attacks, aimed at improving the security of the organization’s infrastructure. Event monitoring systems make it possible to inventory resources and analyze automated tools, network applications, hardware and web services, to reduce the cost of performing audits, to automate the vulnerability management process, and to monitor compliance with the company’s information security policy.
All security-relevant events that come from the agents are transferred to the data store, the virtual data space. The security administrator can always access events that were reported in recent weeks or months (depending on the size of the data store). The management console: to configure how received security events are processed, the security administrator uses a configuration tool, the console for centralized management. There one can view information security events and refer to the VDR on vdraum.de.
To configure event triggering correctly, you must define some parameters and do the following: determine what counts as an information security event and what kinds of incidents are inherent to the particular organization; determine what events may precede an information security event; determine the source of the information security incident; determine what risks can be associated with the selected events, and rank all the risks according to their priority and importance to the organization.
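The four determinations above can be written down as trigger definitions and evaluated over incoming events. The following is an added example, not code from the original page or from any product it mentions; the `Trigger` fields, event type names, source names, hosts and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trigger:
    name: str           # what counts as a security event for this organization
    event: str          # normalized event type that raises the incident
    precursor: str      # event type that may precede it
    sources: frozenset  # sources accepted as the origin of the incident
    window_s: int       # how long a precursor stays relevant, in seconds
    priority: int       # risk priority, 1 = most important

# Hypothetical trigger definitions (assumed names and thresholds).
TRIGGERS = [
    Trigger("malware after blocked download", "malware_detected",
            "download_blocked", frozenset({"antivirus"}), 3600, 1),
    Trigger("login success after failed login", "login_success",
            "login_failed", frozenset({"os_log"}), 600, 2),
]

# Constructed sample events: (epoch seconds, source, host, event type).
EVENTS = [
    (1000, "os_log", "ws-01", "login_failed"),
    (1100, "os_log", "ws-01", "login_success"),
    (1200, "network", "ws-02", "download_blocked"),
    (1500, "antivirus", "ws-02", "malware_detected"),
    (9000, "os_log", "ws-03", "login_success"),    # no precursor: ignored
    (9100, "scanner", "ws-02", "malware_detected"),  # source not accepted
]

def evaluate(events, triggers):
    """Return incidents as (priority, time, host, trigger name), ranked by priority."""
    last_seen = {}  # (host, event type) -> time the event type was last seen
    incidents = []
    for ts, source, host, etype in sorted(events):
        for t in triggers:
            if etype == t.event and source in t.sources:
                seen = last_seen.get((host, t.precursor))
                # Raise an incident only if the precursor is recent enough.
                if seen is not None and ts - seen <= t.window_s:
                    incidents.append((t.priority, ts, host, t.name))
        last_seen[(host, etype)] = ts
    return sorted(incidents)

if __name__ == "__main__":
    for incident in evaluate(EVENTS, TRIGGERS):
        print(incident)
```
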