This policy provides policies to establish intrusion detection and security monitoring to protect resources and data on the organizational network. It provides guidelines about intrusion detection implementation of the organizational networks and hosts along with associated roles and responsibilities.
This policy is designed both to establish procedures for notification of affected clients in the case of an intrusion event.
This policy covers every host on the organizational public network.
- Increase the level of security by actively searching for signs of unauthorized intrusion.
- Prevent or detect the confidentiality of organizational and client data on the network.
- Preserve the integrity of organizational and client data on the network.
- Prevent unauthorized use of organizational and client systems.
- Keep hosts and network resources available to authorized users.
- Increase security by detecting weaknesses in systems and network design early.
- All systems accessible from the internet must operate IT approved active intrusion detection software.
- All host based and network based intrusion detection systems must be checked on a daily basis at a minimum and their logs reviewed.
- All intrusion detection logs must be kept for a minimum or 30 days.
- Any suspicious or malicious activity reported by a third-party must be investigated and responded to immediately.
- Upon completion of investigation and resolution of the issue, the reporting party should be notified of said resolution.
- The network administration team shall:
- Monitor intrusion detection systems both host based and network based.
- Check intrusion detection logs daily at a minimum.
- Determine approved intrusion detection systems and software.
- Act on reported incidents and take action to minimize damage, archive any hostile or unapproved software for investigation, and recommend changes to prevent future incidents..
- Notify affected clients as to the extent of intrusion, resolution, and plan for future preventative action.