Jackie Marshall, SVP, IT Regulatory Compliance

The correct answer is that financial institutions need both types of network security monitoring.

Monitoring and updating your system’s security posture is an important part of an ongoing effort to keep security processes current and also part of an effective GLBA Strategy. Technical risk sources include new systems, devices, vendor relationships, and increased access. Security personnel and management must remain alert to emerging threats and vulnerabilities. Monitoring potential risks and threats from technical sources requires Activity Security Monitoring and Condition Security Monitoring services. This effort will combat a static GLBA security program that could become increasingly ineffective over time.

Gladiator’s CoreDEFENSE monitoring services fall into the category of Activity Monitoring services per the FFIEC. Activity Monitoring is primarily performed to assess system configuration policy compliance, identify intrusions, and support an effective intrusion response. Because Activity Monitoring is an operational procedure performed over time, it is capable of providing continual assurance. These services focus on the activities and condition of network traffic and network hosts (i.e., network infrastructure versus core system infrastructure). There is no FFIEC directive requiring independence of Activity Monitoring services.

In contrast to Activity Monitoring, Condition Monitoring does not provide continual assurance, but relates to the point in time of a periodic test. Penetration tests, audits, and assessments are examples of Condition Monitoring and require independence in administration. Therefore, the company chosen for Condition Monitoring should not be responsible for the design, installation, maintenance, and operation of the tested system, or the policies and procedures that guide its operation. The reports generated from the tests should be prepared by individuals who also are independent of the design, installation, maintenance, and operation of the tested system.

Industry standards and best practices dictate both Activity Monitoring and Condition Monitoring to help ensure the security and confidentiality of confidential information stored on your network systems.

*http://www.ffiec.gov/ffiecinfobase/booklets/information_security/05_sec_monitoring.htm
