Chapter 9. Security Monitoring
This chapter will guide the reader through the process of developing an enterprise monitoring strategy, prioritized according to the importance of assets as determined by analyzing defined trust models. Examining the critical data in the enterprise will help determine what should be monitored, who should be monitored, and to what extent. Once a monitoring strategy has been developed and implemented, the chapter discusses managing the data from disparate systems with a Security Information and Event Management (SIEM) solution for event management, correlation, and alerting.
This chapter will cover the following topics:
Monitoring based on trust models and network boundaries
Privileged user monitoring
Network security monitoring
System monitoring
Advanced monitoring tools