Firewall Wizards mailing list archives
Re: The value of detecting neutralized threats. (was RE: IDS blah blah)
From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Thu, 28 Jan 1999 11:30:38 PST
The points brought up by Dominique concerning plans of action (both human and automated) in response to a positive alert from an elaborate IDS are very valid. The list he gave of contingencies, although not complete, is a very good example of the points that should be covered by a business firm's information security policy.

Your first step in providing consultation for a firm with very sensitive data to protect is to coach them in the creation of human and automated policies that will answer the types of questions that Dominique brought up - who gets called, who responds to whom, what law enforcement is contacted, what (if any) tasks are delegated to the ISP (if you have one). Then, this information should be reviewed by the legal counsel and the CIO, and in some cases the board of directors and any insurance adjustors that the company works with - due diligence is key in avoiding problems down the road (such as shareholder lawsuits).

And yes, although the system can be built for around $10,000, you do need (a) qualified operator(s). $100,000 is probably the lowest range you can find qualified IDS people for that can handle this sort of advanced project. As was said in an earlier post, you need to make an equation of threats vs. value of data to determine if this is the right course of action.

kozubik - John Kozubik - john_kozubik () hotmail com
PGP DSS: 0EB8 4D07 D4D5 0C28 63FE AD87 520F 57BE 850B E4C4