State of Vermont. Intrusion Detection and Prevention Policy. Date: 11-02-10 Approved by: Tom Pelham Policy Number:



Similar documents
Ohio Supercomputer Center

State of Vermont. Physical Security for Computer Protection Policy

How To Manage Security On A Networked Computer System

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Intrusion Detection Systems

Critical Security Controls

Introduction of Intrusion Detection Systems

Name. Description. Rationale

Data Security Incident Response Plan. [Insert Organization Name]

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

How To Protect A Network From Attack From A Hacker (Hbss)

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Network Security Policy

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO TABLE OF CONTENTS

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

ABB s approach concerning IS Security for Automation Systems

Closing Wireless Loopholes for PCI Compliance and Security

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science

University System of Maryland University of Maryland, College Park Division of Information Technology

Network/Cyber Security

AUDIT REPORT WEB PORTAL SECURITY REVIEW FEBRUARY R. D. MacLEAN CITY AUDITOR

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

Observation and Findings

Network- vs. Host-based Intrusion Detection

OSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES

Computer security technologies

INFORMATION TECHNOLOGY POLICY

Implementing an Incident Response Team (IRT)

MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014

Data Management Policies. Sage ERP Online

CALNET 3 Category 7 Network Based Management Security. Table of Contents

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Overcoming PCI Compliance Challenges

Taxonomy of Intrusion Detection System

IDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

Automation Suite for. 201 CMR Compliance

NeMo. Network Monitoring and Bill Reconciliation Analysis

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

How To Ensure The C.E.A.S.A

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Managed Security Services for Data

This policy shall be reviewed at least annually and updated as needed to reflect changes to business objectives or the risk environment.

U.S. SECURITIES & EXCHANGE COMMISSION

HIPAA Compliance: Meeting the Security Challenge. Eric Siebert Author and vexpert. whitepaper

Attachment A. Identification of Risks/Cybersecurity Governance

Third-Party Access and Management Policy

PCI DSS Top 10 Reports March 2011

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN Siskiyou Boulevard Ashland OR 97520

Intrusion Detection System

IDS : Intrusion Detection System the Survey of Information Security

THE TOP 4 CONTROLS.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Level 3 Public Use. Information Technology. Log/Event Management Guidelines

INFORMATION SECURITY California Maritime Academy

Network Instruments white paper

APPENDIX 3 TO SCHEDULE 3.3 SECURITY SERVICES SOW

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Intrusion Detection for Mobile Ad Hoc Networks

Performance Evaluation of Intrusion Detection Systems

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

Application Intrusion Detection

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Beyond Check The Box

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

How To Audit The Mint'S Information Technology

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Network & Information Security Policy

IBX Business Network Platform Information Security Controls Document Classification [Public]

The University of Information Technology Management System

PCI Data Security and Classification Standards Summary

Network Security Administrator

Endpoint Security More secure. Less complex. Less costs... More control.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Information Technology Policy

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

SECURITY THROUGH PROCESS MANAGEMENT

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Retention & Destruction

Defensible Strategy To. Cyber Incident Response

Payment Card Industry Data Security Standard

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

IDS / IPS. James E. Thiel S.W.A.T.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

STATE OF NEW JERSEY IT CIRCULAR

INFORMATION TECHNOLOGY RISK MANAGEMENT PLAN

Transcription:

State of Vermont Intrusion Detection and Prevention Policy Date: 11-02-10 Approved by: Tom Pelham Policy Number: 1

Table of Contents 1.0 Introduction... 3 1.1 Authority... 3 1.2 Purpose... 3 1.3 Scope... 4 2.0 Policy... 4 2.1 Assessment... 4 2.2 Implementation of Intrusion Prevention and Detection Capabilities... 4 2.2.1 Personnel... 4 2.2.2 Assets... 4 2.2.3 Prevention Controls... 5 2.3 Monitoring, Review & Detection... 5 2.3.1 Security Audit Strategies... 5 2.3.2 Alarms and Alerts... 5 2.4 Incident Response... 5 3.0 Policy Notification... 5 Page 2 of 5

1.0 Introduction 1.1 Authority The Department of Information and Innovation (DII) was created in VSA 22 901 (1), to provide direction and oversight for all activities directly related to information technology, including telecommunications services, information technology equipment, software, accessibility, and networks in state government. Managers, employees, records personnel, third party vendors and all others who connect to or handle State of Vermont networks and data are responsible for reviewing this policy in concert with business, legal, and information technology staff to ensure that the policy (1) meets legal requirements specific to the agency and its data and (2) can be effectively carried out by agency employees. If laws or regulations require more stringent requirements than stated in this policy, the internal policy created by the agency must explicitly state the more stringent requirements. Agencies shall not develop an internal policy with requirements lower than the minimum requirements listed in this policy. 1.2 Purpose This policy is designed to protect the confidentiality, integrity and availability of data that is stored on State of Vermont devices and to protect the network from being infected by any hostile attack. Intrusion detection provides two important functions in protecting information resources: Feedback: information as to the effectiveness of other components of the security system. If a robust and effective intrusion detection system is in place, the lack of detected intrusions is an indication that other defenses are working. Trigger: a mechanism that determines when to activate planned responses to an intrusion incident. Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. Page 3 of 5

1.3 Scope The scope of this policy includes State of Vermont computer and telecommunications systems and the employees, contractors, temporary personnel and other agents of the state who use and administer such systems. 2.0 Policy The State of Vermont is committed to intrusion detection as well as intrusion prevention capabilities as part of an overall, multi-layered information technology security design to prevent, monitor and identify system intrusion or misuse. The State shall develop a strategy for intrusion detection and prevention within the resource constraints for these activities. The goal is to deploy systems that provide robust and effective intrusion detection, raise awareness of actions that may cause intrusions, and prepare plans for effective response when intrusions occur. The policy includes the following elements: 2.1 Assessment State IT department(s) shall develop and deploy intrusion detection and prevention guidelines, systems and procedures for assets identified as critical to the mission of the agency. Such assessments can be enhanced or developed using vulnerability tools such as discovery scanning or vulnerability scanning. 2.2 Implementation of Intrusion Prevention and Detection Capabilities State IT department(s) shall evaluate, select and deploy intrusion detection and preventio capabilities compatible with the network infrastructure, policies and resources available for these activities. Intrusion detection and prevention capabilities shall address the following: 2.2.1 Personnel Personnel shall be identified and properly trained to operate,interpret and maintain intrusion detection and prevention capabilities. 2.2.2 Assets I Intrusion detection capabilities shall be in place to provide information related to unauthorized or irregular behavior on an agency computer, network or telecommunications system. In addition intrusion prevention capabilities shall be implemented to prevent unauthorized use, anomalies or attacks on computer, network or telecommunications systems. In addition, intrusion detection capabilities shall be in place to provide information related to unauthorized or irregular behavior on an agency computer, network or telecommunications system. Intrusion detection and prevention capabilities shall be implemented that encompass basic security procedures such as reviewing activity logs, and depending on the results of the assessment, may also include special purpose intrusion prevention and detection features such as those found Page 4 of 5

on network-based, host-based, wireless, or network behavior analysis intrusion detection and prevention systems. 2.2.3 Prevention Controls Intrusion prevention systems shall have controls set to respond to a perceived attack. Controls shall be set from the perspective of continuing service to meet business needs and objectives. 2.3 Monitoring, Review & Detection Intrusion detection and prevention capabilities shall include guidelines for monitoring and analyzing system logs, notifications, warnings, alerts and audit logs. Agencies shall maintain and review information technology security audit logs and intrusion detection and prevention system alerts on a daily basis to determine if an intrusion or other type of security incident has occurred or has been prevented. 2.3.1 Security Audit Strategies Agencies shall develop information security audit strategies and processes relevant to each system. The strategy shall include the definition of monitored assets, the types and techniques of intrusion detection systems or intrusion prevention systems to be used, where each intrusion detection system or intrusion prevention system will be deployed, resources responsible for monitoring, the types of attacks the intrusion detection systems or intrusion preventionsystems will be configured to detect or prevent and the methods that will be used for responses or alerts. 2.3.2 Alarms and Alerts Thresholds for alarms and alerts shall be configured to identify possible intrusion detection or prevention events or violations of agency policy. Agency procedures shall address the disposition, retention and criticality of alerts. 2.4 Incident Response State agencies will respond to security incidents in compliance with the Incident Handling Procedure found at: http://dii.vermont.gov/policy_central under the Security Section. 3.0 Policy Notification Each state agency is responsible for ensuring that employees are aware of where policies are located on websites. Agencies are also responsible for notifying employees of policy change or the creation of new policies that pertain to the agency/department function. Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information