The requirement for information security monitoring is evident in most information security control frameworks and standards, including COBIT, ISO 27001, FFIEC and NIST. How effective the monitoring policy is determines how quickly an organization can respond to an attack or breach. Detection and response are the key variables for effective monitoring. A combination of technology and human intervention is required to identify any potential or past event. Software alone can only set off the alarms and initiate some automated business rules to secure other vulnerabilities; it takes a human to stop a human.
Risk drives the degree of information security monitoring required in your business. In general, risk increases with system accessibility and with the sensitivity of data and processes. To effectively monitor the constant flux of potential attacks and breaches, an internal IT, Security or Risk department would have to work 24 x 7, 365 days a year. Every day a new network threat is created, and every new employee brings new vulnerabilities to the organization. Using a managed service provider for your information security monitoring might be the best value for your security investment. The provider is able to hire the resources required to meet the demands of the threats, and what it learns from one customer is put in place to protect all its remaining customers. It is able to spread the cost of keeping up with the constant flux across all customers, which makes a Managed Security Specialist outsource provider a sound business decision.
Passing the assurance of your information security monitoring to a managed service provider is well accepted in most frameworks and standards. There are provisions specifically written to handle outsourced providers of your critical information security functions. It is not just about the level of sophistication of your tools, since software only provides a static view of information; the value lies in the experts who understand those tools AND the organization’s business requirements.