Educause Security Discussion mailing list archives

Re: Network IPS Information Security Policy


From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Fri, 13 Nov 2009 13:12:44 -0700


  We did not feel the need to create a Policy, but I've enclosed our "IPS review procedures" document.

  Randy, to your question, we have policy with similar language to what Gary just posted. The key point here is that we have both the right and obligation to monitor network traffic; we will not inspect the traffic of any particular individual without following a very particular set of procedures.

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College
Office: 520-206-4873


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Dobbins
Sent: Friday, November 13, 2009 12:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Network IPS Information Security Policy

I'll paste at the end of this message an excerpt from our process for managing the IPS.  We set out to define one that 
would be heavily inclusive of the campus IT community, so that it was mostly they who choose when and what to block 
with the IPS, informed by the IDS side of the tool.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe
Sent: Friday, November 13, 2009 8:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Network IPS Information Security Policy

Has anyone developed an Information Security Policy for their Network IPS that they could share?
My Information Security Policies Made Easy 10th Edition has IDS and HIDS but not Network IPS and I feel it is a different enough beast that I'd like some other references.
Regards,
-Kris

Kris Monroe, CISSP, CISA, TECP
Network Security Engineer and Acting Information Security Officer
Ithaca College

=====================================
Management Process - Campus Perimeter/Border System

   1. On behalf of the University, the Office of Information Technologies (OIT) will operate the University IPS. OIT will monitor and analyze network traffic to identify cyber threats.
   2. The OIT will propose IPS configuration changes to automatically block network traffic identified as a threat to the campus computing resources.
         1. Other members of the Notre Dame community may submit a proposal to recommend IPS configuration changes.
   3. A configuration change proposal may be submitted for campus review via the OIT Change Control process. The proposal must include an explanation of the functional impact of the change.
         1. All proposed changes will be published to the IPS-EVENTS email list service and on the secure.nd.edu website.
         2. A one-week commentary period for each proposal will be available where members of the Notre Dame community can comment on the proposed change. The IPS-EVENTS list service will be used to receive comments.
   4. The OIT Change Advisory Board will provide oversight by reviewing comments and determining if the proposed change is approved for deployment.
   5. Once approved, the change is scheduled through the OIT Change Control process.
   6. After the change is deployed, a post-deployment notification will be posted to the IT-Events email list service and on this website.
   7. Rollback: If a configuration change creates unintended issues, the configuration can either be modified or turned off. Problems should be reported using the standard OIT Unscheduled Service Outage/Performance Issues Notification Process.
   8. The OIT Change Advisory Board will handle all emergency changes.
   9. In order to create awareness of the Border IPS system configuration, an inventory of approved and proposed changes will be maintained. The complete inventory is available to anyone with valid netid.

Attachment: IPS Review Procedures.pdf
Description: IPS Review Procedures.pdf

