Policy Monitoring and Enforcement Strategy: The SANS Institute
Management of a 7,000 strong organization strung across 35 locations is an enormous undertaking. The possibility of abuse of company 's resources is a real risk "that can lead to regulatory noncompliance" (Johnson, 2011). To ensure the company 's profitability and survivability would need strict enforcement of security policies. The two most monitoring and enforcement policies I would be most concerned about is, Access Control, and virus protection. The monitoring regulations I would rely on for this activity are audit trails provided by logs, and ISO 27001/27002 (formerly ISO 17799:2005), ITIL and NIST SP-800 53 " Recommended Security Controls for Federal Information Systems" standards. Logs are a great monitoring tool that provides a record of events. As such, I need every occurrence to be logged, tracked and reported on. For each entry, I want to know "what" occurred, "when" it occurred, and "who" or what cause it. Monitoring compliance would allow me to: (1) "Detect and correct violations (2) Provide evidence to support enforcement actions (3) Evaluate program progress by establishing compliance status (4) Provide case studies for staff training (The SANS Institute, 2012). At each location I would nominate ISS enforcement officers who will be held responsible for monitoring and enforcement strategies to ensure that employees act in according with acceptable use policies (AUPs), set forth by management to ensure the organization assets are protected. Sguil (pronounced sgweel) is one of the best GUI monitoring tool around I would use that provides "real time events, sessions data, and raw packet captures." It facilitates seamless analysis, as when an alert that needs more investigation has been identified, it makes a decision on how to handle the situation. Sguil uses a backend database for most of its data, which allows users to perform SQL queries against several different types of security events (The SANS Institute, 2012). For access control, I would use
References: Johnson, Rob. with Merkow, Mike. Security Policies and Implementation Issues. First Edition. Copyright © 2011by Jones & Bartlett Learning, LLC, an Ascend Learning company The SANS Institute (2012). Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment: http://www.sans.org/reading-room/whitepapers/detection/logging-monitoring-detect-network-intrusions-compliance-violations-environment-33985