Technology Standard
Threat Management - Threat Detection
Version: 1.0
Status: Approved: 02/21/07
Contact: Director, Technology Services
PURPOSE
To provide guidelines necessary to implement threat management strategies to protect System Office and College systems and data.
SCOPE
In accordance with the COV ITRM 501-01, threat detection policies must be implemented to ensure that the System Office and Colleges are aware of threats and establish procedures to prevent attacks.
APPLICABILITY
The Threat Detection Standard is applicable to the System Office and all Colleges.
STANDARD
A threat is a harmful act such as the deployment of a virus or an illegal network incursion. Practices for implementing intrusion detection and prevention assist in minimizing the effects of threats to IT systems and data.
Requirement:
The System Office and Colleges must designate an individual who is responsible for the threat detection plan. The plan should include the development, acquisition, implementation, testing, training, and maintenance of threat detection activities.
Recommendation:
The individual responsible for the threat detection plan should have this responsibility identified in their Employee Work Profile (EWP) to ensure compliance with this requirement.
Requirement:
Threat detection training must be provided for those employees who require such training to properly perform these duties. This may include vendor-specific training on particular IT systems or general classes in the overall functions of threat detection. The System Office and Colleges must review the need and provide the relevant training as necessary and practicable.
Requirement:
A review of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) logs must be conducted to detect new attack patterns. Reviews must be conducted as quickly as practicable to ensure mitigation measures are developed and implemented to minimize or prevent future threats.
Requirement:
The System Office and Colleges must maintain communication with organizations that can provide information about new attack types, vulnerabilities, and mitigation measures.
Recommendation:
Cyber Security Alerts: http://www.us-cert.gov/cas/alerts/.
Cyber Security Tips: http://www.us-cert.gov/cas/tips/.
Cyber Security Bulletins: http://www.us-cert.gov/cas/bulletins/.
Microsoft Security Advisor: http://www.microsoft.com/security/default.mspx.
RELATED LINKS
Threat Management, Incident Handling
Threat Management, IT Security Monitoring and Logging