Monitoring is not a tool

Author: Chris van den Hooven

The objective of monitoring is to reduce overall risk by promptly taking action based on the data obtained through monitoring. By continuously monitoring systems, networks, and environments, organizations can gather real-time information about potential threats, vulnerabilities, or anomalous activities. This aligns with Endsley's model of situational awareness, particularly the perception stage.

Situational awareness refers to the understanding of the current state of a system, its components, and the potential risks or threats it faces. Monitoring plays a significant role within this model as it contributes to the perception component of situational awareness. The Endsley model, also known as Endsley's Situational Awareness Model, is a framework that describes the cognitive processes involved in achieving and maintaining situational awareness. According to the Endsley model, situational awareness consists of three levels:

Level 1: Perception

Level 2: Comprehension

Level 3: Projection

Perception involves gathering information about the system and its environment through various sources such as sensors, logs, and observations. Monitoring serves as a means to continuously collect and analyze data related to the system's status, performance, and security.

Comprehension involves understanding and interpreting the collected information, forming a coherent mental model of the system's current state, and identifying potential threats or risks. Projection then involves using this understanding to anticipate future developments, risks, or potential vulnerabilities and plan appropriate responses or mitigation strategies.

Projection involves mental simulations and predictions to assess potential outcomes and make proactive decisions. Projection helps individuals to anticipate and prepare for future changes, enabling them to take appropriate actions to maintain situational awareness and mitigate potential risks. It involves forecasting and considering various scenarios based on the available information, allowing individuals to effectively plan and adapt to evolving circumstances.

Endsley's model suggests that while the perception stage of situational awareness can be automated to some extent, the comprehension and projection stages require human cognition and decision-making. Perception involves the collection and processing of data from sensors, which can be automated through advanced technologies and algorithms. However, comprehension involves understanding the meaning and significance of the perceived information, which requires contextual knowledge, experience, and cognitive abilities that are currently beyond the capabilities of automated systems. Similarly, projection involves the ability to anticipate and simulate future events, considering various possibilities and making informed decisions. This cognitive process relies on human intuition, reasoning, and the ability to incorporate subjective factors that are challenging to replicate in automated systems. Therefore, while automation can assist in enhancing perception, the comprehension and projection stages still rely heavily on human involvement.

For monitoring, the competence of the personnel operating the monitoring system is vital for obtaining effective results. While the monitoring system itself may possess advanced features and capabilities, it requires highly qualified personnel to properly configure, analyze, and interpret the data it generates. Skilled personnel can define relevant monitoring metrics, set appropriate thresholds, and accurately interpret the collected data within the context of the organization's objectives and risks. They can identify patterns, anomalies, and potential security incidents, enabling timely response and mitigation. On the other hand, unqualified personnel may struggle to understand the intricacies of the monitoring system, leading to missed alerts, false positives, or ineffective responses. Thus, having a well-trained and knowledgeable team is crucial for ensuring the success and effectiveness of the monitoring process.