Search in ISMS Guides

Google
 

Thursday, August 2, 2007

Step 5: Monitor for violations and take corresponding actions

by Change Tech Solutions Inc. | Oct 8, 2003

An effective security management discipline depends on adequate compliance monitoring. Violations of security practices, whether intentional or unintentional, become more frequent and serious if not detected and acted on. A computer hacker who gets away with the first system penetration will return repeatedly if he knows no one can detect his activities. Users who get away with leaving confidential documents on their desks will get into bad habits if not corrected quickly.

You'll perform two major activities here: detecting security violations and responding to them. With respect to sensitive assets, it is important to know:
  • Who has the right to handle the assets (user names).
  • How to authenticate those asset users (password, IDs, etc.).
  • Who has tried to gain access to them.
  • How to restrict access to allowed activities.
  • Who has tried to perform actions beyond those that are allowed.

Document the response to security violations, and follow up immediately after a violation is detected. The IT organization should have a computer emergency response team to deal with security violations. Members of this team should have access to senior management so that severe situations can easily be escalated.

Responses can be built into your security tools or facilities to ensure that the response to a violation is immediate. For example, a password-checking utility may be designed to lock out a user name immediately after three invalid password entries. Alarms can be installed around the data center facility so that if any window or door is forced open, security guards or police are immediately notified.

A critical part of this activity is the generation of reports for management that discuss significant security violations and trends of minor incidences. The objective is to spot potential major security violations before they cause serious damage.

Back To Implement Security Management With These Six Steps

No comments: