Enforcing Your Bullet-Proof Security Policy

Communicating to Users
The site security policy should include a formal process, which communicates the site security policy to all users. In addition, an educational campaign will make users aware of how computer and network systems are to be used, and how to protect themselves from unauthorized users.

All users will need to know what’s considered the proper use of their account or workstation. This communication can most easily be done at the time a user receives their account, by giving them a policy statement. Proper use policies typically should dictate things, such as the following: whether or not the account or workstation may be used for personal activities (such as checkbook balancing or letter writing), whether profit-making activities are allowed, or whether game playing is permitted, etc.

Users should be told how to detect unauthorized access to their account.

If the system prints the last login time when a user logs in, he or she should be told to check that time and note whether or not it agrees with the last time he or she actually logged in.

Ideally, the security policy should strike a balance between protection and productivity.

Responding to Violations
Upon realizing a site security violation, an organization will select a number of responses – both good and sub-optimal. To this end, you should plan responses for different scenarios without the burden of an actual event.

Not only do you need to define actions based on the type of violation, you’ll also need to have a clearly defined series of actions for users who violate your computer security policy.

When a policy violation has been detected, you should immediately invoke the pre-defined define course of action. Next, you’ll need to have an investigation performed to determine how and why the violation occurred, and what is the appropriate corrective action. The type and severity of action taken will vary depending on the type of violation that occurred.

Discovering Violations: Choose Your Strategy
Once you’ve determined that the violation it’s being perpetrated by someone outside the organization, you’ll have to decide what aspect of your security plan should be put in motion. So, you’ll need to make sure you site security plan can answer the following questions:

• What outside agencies should be contacted, and who should contact them?
• Who may talk to the press?
• When do you contact law enforcement and investigative agencies?
• If a connection is made from a remote site, is the system manager authorized to contact that site?
• What are our responsibilities to our neighbors and other Internet sites?

Whenever a site suffers an incident compromising computer security, two opposing pressures may influence the way the organization reacts.

Read Part 1: Establish A Bullet-Proof Security Policy

Communicating to Users
The site security policy should include a formal process, which communicates the site security policy to all users. In addition, an educational campaign will make users aware of how computer and network systems are to be used, and how to protect themselves from unauthorized users.

All users will need to know what’s considered the proper use of their account or workstation. This communication can most easily be done at the time a user receives their account, by giving them a policy statement. Proper use policies typically should dictate things, such as the following: whether or not the account or workstation may be used for personal activities (such as checkbook balancing or letter writing), whether profit-making activities are allowed, or whether game playing is permitted, etc.

Users should be told how to detect unauthorized access to their account.

If the system prints the last login time when a user logs in, he or she should be told to check that time and note whether or not it agrees with the last time he or she actually logged in.

Ideally, the security policy should strike a balance between protection and productivity.

Responding to Violations
Upon realizing a site security violation, an organization will select a number of responses – both good and sub-optimal. To this end, you should plan responses for different scenarios without the burden of an actual event.

Not only do you need to define actions based on the type of violation, you’ll also need to have a clearly defined series of actions for users who violate your computer security policy.

When a policy violation has been detected, you should immediately invoke the pre-defined define course of action. Next, you’ll need to have an investigation performed to determine how and why the violation occurred, and what is the appropriate corrective action. The type and severity of action taken will vary depending on the type of violation that occurred.

Discovering Violations: Choose Your Strategy
Once you’ve determined that the violation it’s being perpetrated by someone outside the organization, you’ll have to decide what aspect of your security plan should be put in motion. So, you’ll need to make sure you site security plan can answer the following questions:

• What outside agencies should be contacted, and who should contact them?
• Who may talk to the press?
• When do you contact law enforcement and investigative agencies?
• If a connection is made from a remote site, is the system manager authorized to contact that site?
• What are our responsibilities to our neighbors and other Internet sites?

Whenever a site suffers an incident compromising computer security, two opposing pressures may influence the way the organization reacts.

Capturing the Lessons You’ve Learned
Once you believe that a system has been restored to a safe state, you may not be completely off the hook – there may still be holes and even traps lurking in the system. You’ll need to have the system monitored for items that may have been missed during the cleanup stage.

You’ll find a security log to be a valuable asset while vulnerabilities are being removed. Keep logs of procedure that have been used to make the system secure again. This information should include command procedures (e.g., shell scripts) that can be run on a periodic basis to recheck the security. Keep logs of important system events. Reference these events to determine the extent of the damage of a given incident.

After an incident, you’ll need to write a report describing the incident, method of discovery, correction procedure, monitoring procedure, and a summary of lesson learned. This exercise will provide you with a clear understanding of the problem.

Elizabeth M. Ferrarini is a free-lance writer based in Arlington, Massachusetts.

This article was first published on CrossNodes, an internet.com site.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020