Risk & Security Monitoring Guidance
INARMA helps companies
determine what logging and monitoring controls you should have in place, after evaluating what is available in your environment.
We help organizations implement and manage cybersecurity monitoring procedures. These procedures take into account information and services that are provided by any external third parties that support your business. We help determine if "canned" reports obtained from business support and IT infrastructure systems are reasonable for your company or if specialized reports are necessary. We help make sure that you get and review the information that regulators expect you to review.
We can help you evaluate the need for, and management of, third party monitoring service providers.
Monitoring Management Services
Whether you have systems and infrastructure in-house or outsourced, we can help you determine what information can and should be logged and reviewed. We will help you determine what monitoring reports and services are available from your providers and in-house systems and develop action plans for your internal review of inappropriate activity.
If you rely on a third party service provider for significant infrastructure or application hosting, we will help develop follow-up procedures in the event of problems or incidents.
We can help with your recurring vendor due diligence efforts. Our approach includes evaluation of vendor provided information, including SOC reports, security statements, financial reports, in addition to information we gather through questionnaires and discussions with vendors. If we recommend changes to your vendor’s control environment, we can help you discuss the requirements and expectations with the vendor and monitor for their compliance.
We recommend that user access be reviewed for critical systems at least twice a year. We recommend quarterly review of administrator accounts.
We will help you build the user access review procedures for critical support applications. We will identify the reports necessary and provide guidance on the review steps.
We can help manage the review to ensure timely completion, if requested.