Intrusion detection policy
- Originally Published:
- Dec 2017
A clear and concise plan of action will help counteract any intrusion into an enterprise network and mitigate potential damage. This sample policy establishes guidelines and procedures your organization can follow when your computer network is compromised.
From the policy:
An enterprise with a clear and concise policy is prepared to react and counteract any intrusion into their network with a plan of action to mitigate potential damage and protect vital enterprise data.
The purpose of this Intrusion policy is twofold:
- Establish guidelines for how network intrusions will be detected.
- Establish procedures for reacting, counteracting, and mitigating a network intrusion.
This policy applies to the enterprise network, all servers, and all employees and contractors who monitor the network or servers for intrusions. It also applies to those who resolve intrusion issues. This policy is effective as of the issue date and does not expire unless replaced by another policy.
The Intrusion Detection Policy is designed to increase the overall level of security in the enterprise network by actively searching for unauthorized access. The procedural framework outlined in the policy will prevent or detect unauthorized access to organizational data and notify proper personnel of such an incident to preserve the integrity of that data.
Network intrusions will be detected using two techniques, either separately or in collaboration with each other:
- Network-based intrusion detection is a network device that looks at network traffic for suspicious patterns. When suspicious patterns in traffic are noticed, an administrator is notified automatically.
- Host-based intrusion detection is software that operates on a server or workstation similar to antivirus software. The software looks for suspicious activity that may indicate that someone has attempted or has penetrated the security of the computer or network system without authorization.
Already a member? Log in here