Domain 5 · 5.6 Security Awareness

5.6.4 Reporting, Monitoring & Development

10 min

Reporting, monitoring, and development involve the structured processes of identifying risks, overseeing technical environments, and applying frameworks to ensure governance and compliance.

Risk Reporting and Assessment Effective risk management requires a continuous cycle of identification, communication, and maintenance. - Risk Identification: Professionals must identify threat actors, internal vulnerabilities, and specific threat events. - Likelihood and Impact: Risk is defined by calculating the probability of an event and its potential damage to assets. - Reporting to Management: Results must be communicated to leadership to finalize risk response strategies (Accept, Transfer, Avoid, Mitigate). - Continuous Monitoring: Maintaining an assessment involves reassessing risks periodically to ensure responses remain effective as the threat landscape changes.

Monitoring Tools and Techniques Visibility into the network and environment is critical for detecting anomalies and ensuring operational stability. - NIDS/NIPS: Network-based Intrusion Detection (monitoring traffic for signatures) and Prevention (actively blocking malicious packets). - EDR: Endpoint Detection and Response provides deep visibility and automated response capabilities at the workstation or server level. - SNMP: The Simple Network Management Protocol is used for collecting data from and managing network devices; version 3 is preferred for its encryption capabilities. - Environmental Monitoring: Tracking physical factors such as temperature and humidity, often utilizing Hot and Cold Aisles to optimize airflow in data centers. - Log Management: Utilizing OS utilities and centralized systems to track file manipulation, authentication attempts, and network discovery activities.

Industry Frameworks and Standards Frameworks provide standardized "benchmarks" for developing a mature security posture across different organization sizes. - ISO 31000: A high-level, non-technical framework focused on enterprise-wide risk management from an executive perspective. - CIS Benchmarks: Provided by the Center for Internet Security, these are highly respected, practical configurations for securing systems. They are unique for explicitly addressing small, medium, and large organizations. - COBIT: Created by ISACA, this framework focuses on the governance and management of information technology at an enterprise level. - SSAE 18/SOC: Reporting standards from the AICPA used for auditing financial reporting and service organization controls.

Quick recall - CIS: Nonprofit benchmarks suitable for organizations of all sizes. - ISO 31000: Executive-level risk management guidelines. - COBIT: Enterprise IT governance and auditing. - EDR: Focuses on endpoint-level visibility and threat hunting. - Continuous Monitoring: The act of reassessing risk after a response is implemented. - SSAE: The standard for financial and attestation reporting.