Firewall Wizards mailing list archives

Re: The value of detecting neutralized threats. (was RE: IDS blah blah)


From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Thu, 28 Jan 1999 11:30:38 PST

The points brought up by Dominique concerning plans of action (both 
human and automated) in response to a positive alert from an elaborate 
IDS are very valid.

The list he gave of contingencies, although not complete, is a very good 
example of the points that should be covered by a business firm's 
information security policy.

Your first step in providing consultation for a firm with very sensitive 
data to protect is to coach them in the creation of human and automated 
policies that will answer the types of questions that Dominique brought 
up - who gets called, who responds to whom, what law enforcement is 
contacted, what (if any) tasks are delegated to the ISP (if you have 
one).

Then, this information should be reviewed by the legal counsel and the 
CIO, and in some cases the board of directors and any insurance 
adjustors that the company works with - due diligence is key in avoiding 
problems down the road (such as shareholder lawsuits).

And yes, although the system can be built for around $10,000, you do 
need (a) qualified operator(s).  $100,000 is probably the lowest range 
you can find qualified IDS people for that can handle this sort of 
advanced project.

As was said in an earlier post, you need to make an equation of threats 
vs. value of data to determine if this is the right course of action.

kozubik - John Kozubik - john_kozubik () hotmail com
PGP DSS: 0EB8 4D07 D4D5 0C28 63FE  AD87 520F 57BE 850B E4C4

