| Introduction |
Intrusion detection plays an important role in implementing
and enforcing an organizational security policy. As information
systems grow in complexity, effective security systems will evolve.
With the proliferation of vulnerability points introduced
by the use of distributed systems, some type of assurance is needed
that the systems and network are secure. Intrusion detection systems
can provide part of that assurance. |
| Purpose |
Intrusion detection provides two important functions in protecting
information resources:
- Feedback: information as to the effectiveness of other components
of the security system. If a robust and effective intrusion
detection system is in place, the lack of detected intrusions
is an indication that other defenses are working.
- Trigger: a mechanism that determines when to activate planned
responses to an intrusion incident.
|
| Audience |
The City Of El Paso Intrusion Detection Policy applies to all
individuals that are responsible for the installation of new Information
Resources, the operations of existing Information Resources, and
individuals charged with Information Resources Security. |
| Intrusion Detection Policy |
- Operating system, user accounting, and application software
audit logging processes will be enabled on all host and server
systems.
- Alarm and alert functions of any firewalls and other network
perimeter access control systems will be enabled.
- Audit logging of any firewalls and other network perimeter
access control systems will be enabled.
- Audit logs from the perimeter access control systems will be
monitored/reviewed daily by the Security Officer.
- System integrity checks of the firewalls and other network
perimeter access control systems will be performed on a routine
basis.
- Audit logs for servers and hosts on the internal, protected,
network will be reviewed on a weekly basis. The system administrator
will furnish any audit logs as requested by the ISO.
- Host-based intrusion tools will be checked on a routine basis.
- All trouble reports should be reviewed for symptoms that might
indicate intrusive activity.
- All suspected and/or confirmed instances of successful and/or
attempted intrusions will be immediately reported according
to the Incident Management Policy.
- Users shall be trained to report any anomalies in system
performance and signs of wrongdoing to the IS Help Desk.
|
| Disciplinary Actions |
Violation of this policy may result in disciplinary action,
which may include termination for employees and temporaries; a
termination of employment relations in the case of contractors
or consultants; dismissal for interns and volunteers; or suspension
or expulsion in the case of a student. Additionally, individuals
are subject to loss of The City Of El Paso Information Resources
access privileges and to civil and criminal prosecution. |