Otherwise, significant time and effort may be wasted redoing the same assessments for
different recipients.
Security monitoring. Ensure that firewalls, virtual private network (VPN) concentrators, and
critical server systems are generating useful logs. Begin centralizing the log output to a main
log server. Deploy IDS on key network segments, using a limited set of alerts focused on
major threats. Otherwise, IDS alert output will easily overrun the time and capabilities of
the security team at level 2.
Incident response. The annual Computer Security Institute/Federal Bureau of Investigation
security survey has found that more than 70 percent of organizations have had at least one
security incident. The rest probably just did not know it. It is therefore very important to
define and document an IR process and identify the key personnel that would be needed to
respond to a breach of security. Ensure that everyone involved is trained on the process and
knows how to respond in an organized and efficient manner. Rehearse the process every six
months if there are not enough actual incidents to practice on.
Disaster recovery planning. Having identified the critical IT systems and developed an understanding
of the business and its recovery time objectives, and the major business-interrupting
threats it faces, develop a recovery plan that will help get critical IT systems back up and
running in the event of a disaster.
Continued effort and focus at this level will help move the organization up the maturity scale.