Webcast - Archived

GPG13 Compliance: More Than Log Collection and Monitoring

Traditionally, there has been a widespread belief that protective monitoring can be achieved with a log collector and a vast array of disks to store the log files. Log data is then occasionally reviewed when a security incident is suspected. Unfortunately, this approach tends to be both resource- and skill-intensive, and has marginal success in identifying changes that matter.

Good Practice Guide 13 (GPG13) fully outlines the set of protective monitoring processes and underlying protective monitoring rules that should be considered when deploying a protective monitoring solution. One set of rules is specifically targeted at detecting change.

Because of GPG13, many government bodies now understand the need to configure an appropriate level of logging and processing of log files. However, the requirements for change detection still remain, and these cannot be met through logging alone.

In this webinar, Ed Hamilton, CLAS Consultant at Analysys Mason, explains:

  • Why detecting change is important—for example to help identify suspicious behaviour
  • Why detecting change with logging alone is ineffective and impractical
  • How change detection is critical for a protective monitoring solution
  • How correctly implemented change detection simplifies and improves the effectiveness of a protective monitoring solution.
