Part of the Cyber Maturity series of articles, this section focuses on Monitoring.

Quoting the 10 Steps to Cyber Security Guidance Sheets:

Monitoring Information and Communications Technologies (ICT) activity allows businesses to detect attacks and react to them appropriately whilst providing a basis upon which lessons can be learned to improve the overall security of the business. In addition, monitoring the use of ICT systems allows the business to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with security, legal and regulatory requirements.

The specific recommendations are:

  • Produce corporate policies
  • Limit the use of removable media
  • Scan all media for malware
  • Audit media holdings regularly
  • Encrypt the information held on the media
  • Lock down access to media drives
  • Monitor  systems
  • Actively manage the reuse and disposal of removable media
  • Educate users and maintain their awareness

What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.


Where is good practice referenced? Please let the community know in the comments area below.

The pages referenced in this series of blog articles are derived from the  10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open license.

Please join the discussion, we welcome your views...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: