Bare Minimum Requirements

When my first child was born, our annual Christmas trek to Iowa required me to stuff our 1989 Ford Taurus with every item of clothing, toy, and article of portable baby furniture we owned. Three children later, we’ve discovered how little we truly need for a week at Grandma’s. Likewise, you can often succeed with far less than your ideals, especially when you reduce your scope. In the spirit of efficiency, here are a few essentials to apply for success in targeted monitoring.

Policy

You can’t escape policy—it’s your security monitoring anchor. Still, it’s hard to know where to begin. Here are the essential policies for most organizations, against which you can conduct productive security monitoring.

Policy 1: Allowed network activity

Be clear what network access is allowed and what isn’t. This is especially true of the most sensitive and critical network segments. When analysts detect activity toward the Internet from data centers, they need clear, documented policies regarding what network activity is allowed so that they can conduct fruitful investigations.

Policy 2: Allowed access

Document who can and should access the organization’s most critical, sensitive servers. A written list of who is allowed access creates a reference point for recognizing unauthorized access, and it lets you discover and enforce against access that is out of alignment with security policy.
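Policies 1 and 2 only pay off when analysts can compare observed activity against them mechanically. The following is an added example, not code from the book: it encodes a hypothetical data-center egress allow-list and a hypothetical critical-server access list as data, then flags log lines that fall outside either policy. The networks, ports, account names and log formats are all constructed for the illustration.

```python
import ipaddress
# Constructed sample policies; every network, port and account name here is hypothetical.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DATACENTER = ipaddress.ip_network("10.20.0.0/16")        # the monitored data-center segment
# Policy 1: the only data-center -> Internet activity that is allowed.
ALLOWED_EGRESS = [
    (ipaddress.ip_network("203.0.113.0/24"), 443, "vendor patch mirror"),
    (ipaddress.ip_network("198.51.100.10/32"), 53, "external DNS resolver"),
]
# Policy 2: critical servers and the accounts permitted to log in to them.
ALLOWED_ACCESS = {
    "10.20.5.10": {"dba_jones", "svc_backup"},
    "10.20.5.11": {"admin_ruiz"},
}

def check_flow(src, dst, dport):
    """Policy 1: return a finding for data-center egress that is not on the allow-list."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in DATACENTER or any(d in n for n in INTERNAL):
        return None                      # not data-center -> Internet; the policy does not apply
    if any(d in net and dport == port for net, port, _ in ALLOWED_EGRESS):
        return None
    return f"POLICY1 {src}->{dst}:{dport} is not an allowed egress destination"

def check_access(user, server):
    """Policy 2: return a finding for a login to a critical server by an unlisted account."""
    allowed = ALLOWED_ACCESS.get(server)
    if allowed is None or user in allowed:
        return None                      # not a critical server, or the account is authorised
    return f"POLICY2 {user} logged in to critical server {server} but is not on its access list"

def review(flow_lines, access_lines):
    """Apply both checks to log lines shaped 'ts src dst dport' and 'ts user server'."""
    flow_findings = [check_flow(s, d, int(p)) for _, s, d, p in map(str.split, flow_lines)]
    access_findings = [check_access(u, srv) for _, u, srv in map(str.split, access_lines)]
    return [f for f in flow_findings + access_findings if f]

# Constructed sample logs.
FLOWS = [
    "2024-03-01T02:10:00Z 10.20.3.4 203.0.113.7 443",    # allowed: patch mirror
    "2024-03-01T02:11:00Z 10.20.3.4 192.0.2.55 22",      # violation: SSH to an unlisted host
    "2024-03-01T02:12:00Z 192.168.1.9 192.0.2.55 22",    # outside the data center; not in scope
]
ACCESSES = [
    "2024-03-01T02:13:00Z dba_jones 10.20.5.10",         # allowed
    "2024-03-01T02:14:00Z tmp_contractor 10.20.5.11",    # violation: account not on the list
]

if __name__ == "__main__":
    print("\n".join(review(FLOWS, ACCESSES)))
```

Running it prints one Policy 1 finding and one Policy 2 finding; the flow from outside the data center is ignored because the documented policy does not cover it.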

Policy 3: Minimum access standards

Dictate the security standards expected of devices present on the network. This ...
