------- INDEX AND GLOSSARY. DO NOT CHANGE OR DELETE! ----------
Open IT Policy Index
- Acceptable Use, Administrative or Special Access (Policy)
- Acceptable Use, Email (Policy)
- Acceptable Use, Internet (Policy)
- Acceptable Use, Virtual Private Network (VPN) (Policy)
- Access Controls, Account (Policy)
- Account Management (Policy)
- Change Management (Policy)
- Computer Virus Prevention (Policy)
- Contingency Planning (Policy)
- Data Backup and Storage (Policy)
- Data Marking, Handling, Processing, Storage, and Disposal (Policy)
- Deferral of System Security Certification or Accreditation, Annual (Form)
- General Information Security Management (Procedure)
- Green Computing (Policy)
- Incident Response (Policy)
- Intrusion Detection (Policy)
- Logging and Audit Trails (Policy)
- Mobile Computing and Network Access (Policy)
- Network Access (Policy)
- Network Access Controls (Standard)
- Network Configuration (Policy)
- Network Data Privacy (Policy)
- Password Management (Policy)
- Personnel Security (Policy)
- Physical Security (Policy)
- Policy Application Checklist (Administrative Utility)
- Secure Media and Data Handling (Procedure)
- Secure Software Development Lifecycle (Standard)
- Social Computing and Networking (Policy)
- Software and Hardware Security Controls (Policy)
- Spam and Unsolicited Commercial Email Prohibition (Policy)
- System Security Certification/Accreditation, Annual (Form)
- System Security Certification/Accreditation, Annual (Policy)
- Telecommuting Agreement, Employee (Form)
-------------------------------------------------------------------------------------------------
Overview and Purpose
Intrusion detection is critical to the defense of [variable: Covered Organization] information. As our information systems grow in sophistication and number, so do their endpoints, potential vulnerabilities, and threat vectors.
This policy exists to promote continuing system and network security in an increasingly complex computing environment. Intrusion detection protects information resources in two functions:
- Trigger: a mechanism that determines when to activate planned responses to an intrusion incident.
- Feedback: information on the effectiveness of other components of the security system. The number of detected intrusions provides valuable information on the effectiveness of other security defenses.
Coverage
This policy applies to individuals responsible for installing, operating, and maintaining Information Resources, as well as individuals responsible for Information Security.
Definitions
General Terminology
Roles and Functions
Policy
- The IT/IS department must implement processes for operating system, user accounting, and software audit logging on all host and server systems.
- The IT/IS department must implement alert functions for firewalls and other network perimeter access controls.
- The IT/IS department must implement audit logging of firewalls and other network perimeter access controls.
- The system administrator must review audit logs from the perimeter access control systems daily.
- The IT/IS department must perform [variable: time period] integrity checks of firewalls and other network perimeter access control systems.
- The IT/IS department or system administrator must review audit logs for servers and hosts on the internal, protected network at least once per [variable: time period].
- The system administrator must furnish audit logs requested by the ISO/ISSO.
- The IT/IS department or system administrator must check host-based intrusion detection tools at least once per [variable: time period].
- The IT/IS department or system administrator must review trouble reports for symptoms that might indicate intrusive activity or an incident.
- IT/IS employees or system administrators who suspect and/or confirm instances of successful and/or attempted intrusions must report all evidence to the [variable: ISO/ISSO, IRM, or other role].
- IT/IS employees shall work with departmental managers to train users to report any anomalies in system performance and signs of wrongdoing to the IT Help Desk.
Enforcement
Violation of this policy may result in disciplinary action, including but not limited to performance penalties, employment termination, contract invalidation, civil action, and criminal prosecution. Additionally, violators may lose access privileges to [variable: Covered Organization] Information Resources.
Supporting Documentation
This policy is supported by the following rules, standards, and procedures:
- [variable: internal documents (with links, if available)]
- [variable: external documents (with links, if available)]
Policy Support Contact
- [variable: title (not personal name) of role responsible for overseeing this procedure]
- [variable: contact information of office responsible for overseeing this procedure]
References
Policy Model(s)
Federal Agency Security Practices, US Government, National Institute of Standards and Technology (NIST)