This evening, I attended an ISACA Belgium Chapter event about “Continuous Monitoring“. By reading the work “monitoring”, you may think about CPU, memory or complex applications monitoring. In fact, continuous monitoring is a process, using specific tools, to detect compliance and risk issues associated within financial organizations. Today’s speaker was Paul Muylaert from Dexia.
This event was the perfect continuation of what I wrote yesterday about the data retention in stores. Financial companies also keep a track of all their customers activities and they build big data warehouse systems where they can generate a lot of useful statistics. A good example is to keep an eye on “sleeping bank accounts” (when no operations has been performed for a defined amount of time). The continuous monitoring comes on top of the data warehouse.
Paul explained the audit process that was started (and still ongoing) inside Dexia to setup a continuous monitoring of their financial activities. Two concepts must be properly defined:
- The risk indicators
- The alerts
Example of risks indicators are the sleeping accounts. It’s critical for the bank to monitor the number of inactive accounts. This number gives a good feeling of the company health. At the opposite, alerts are generated when something unusual is detected and requires immediate attention. By example when a huge amount of money is transferred from or to a bank account (fraud detection). Both concepts help to define profiles for all activities and are used to perform behavioral monitoring.
The model, still in development, is quite complex and took a huge amount of resources. Paul’s slides should be available online soon. I’ll post the URL here once received.