Monitoring systems for possible risks is a major move towards risk prevention and recovery in most sensitive departments. It helps in avoiding serious injuries that may face the system if the concerned risk is not dealt with earlier in time. This paper seeks to discuss the aspect of continuous monitoring in the fire and security alarm management system of Alcon, an information technology based company (Natan, 2005).
Continuous monitoring as a security measure is defined as a means through which the awareness of the safety of an information system is made possible, noting its possible threats and seeking for possible ways of curbing them. It aims at making it possible and easier for users to detect threats and solve them early enough before they do much harm to the system. It’s the data collected during monitoring that is used for strategizing on how to deal with these possible threats (Natan, 2005).
For continuous monitoring to be possible, there are many things that should be put in place. They are the special requirements for continuous monitoring that include background information to the system. This serves as a basis through which the system is to be understood. For monitoring to be made possible, the staff should be aware of how the system, at its right status works, so they can understand when a failure has occurred.
Secondly, there is need for some tools for collecting data. These put down into record the periodical happenings of the system, which is used in tracking the errors. Records of who used the system and when used to continuously track are the system. Presentation of information is also necessary. It’s a special requirement that needs to be considered, information presented rightly is accurate and efficient. The success of the whole monitoring process entirely depends on how well the data is collected and presented.
There are various perspectives to continuous monitoring of this system, this paper, however, discusses just two. One, there is the procurement process assurance that instructs the system to output results in line with the user’s instructions. Monitoring is not based on how the system ought to work, but rather on how the user wants it to work (Wenig, 1974).
Then there is the effectiveness perspective of monitoring. Risks are identified on the basis of the efficiency of the system. If the expected level of efficiency is not achieved, then a suspicion is recorded and the system is re-checked for errors (Grembergen, 2002).
A key lesson learnt from the example given is the importance of domain independence. Each domain should be handled and treated independently, for effectiveness and efficiency of monitoring. If many domains are combined, it’s tricky to carry out effective monitoring. The fire and security alarm systems should, therefore, be managed independently to achieve this.
The key challenge facing continuous monitoring is its capital intensive nature. To adopt this strategy and implement it in an organization, a lot of money needs to be set aside for this project. The main solution to his problem is making it an organization wide issue, by incorporating all departments in paying for the expenses incurred. Another problem rises from the need for auditing. This too makes the move expensive to set up and maintain (Dhillon, 2001).
Persistence of threats is also a major challenge facing continuous monitoring. Complexity of the mechanisms used to attack the system makes it hard for effective monitoring to be carried out. This poses a major challenge as the monitoring system is prone to breakdown and failure, despite a lot being spent in ensuring its safety (Wenig, 1974).
Dhillon, G. (2001). Information security management global challenges in the new millennium. Hershey, Pa.: Idea Group Pub
Grembergen, W. (2002). Information systems evaluation management. Hershey, PA: IRM Press.
Natan, R. (2005). Implementing database security and auditing a guide for DBAs, information security administrators and auditors. Burlington, MA: Elsevier Digital Press.
Resource manual for implementing the NSPS continuous monitoring regulations Manual 2- Preliminary activities for continuous monitoring system certification (1978). Washington, DC: U.S. Environmental Protection Agency.
Wenig, R. P. (1974). Effective management of data processing projects: a practical guide to defining, planning, estimating, monitoring and controlling the design, development and implementation of an information system. Wayland, Mass: Raisan Pub. Co