EHLANZENI DISTRICT MUNICIPALITY INTRUSION DETECTION POLICY FOR 2012
1. OBJECT OF THE POLICY
This policy sets out provisions to establish intrusion detection and security monitoring to
protect resources and data on the organizational network. It provides guidelines for
implementing intrusion detection on the organizational networks and hosts, along with
associated roles and responsibilities.
This policy is designed both to protect the confidentiality of any data that may be stored
on the mobile computer and to protect the organizational network from being infected by
any hostile software when the mobile computer returns. This policy also considers wireless
access.
Scope
This policy covers every host on the organizational network and the entire data network
including every path that organizational data may travel that is not on the internet. Paths
covered by this policy even include organizational wireless networks. Other policies cover
additional security needs of the organizational network and systems.
Policy
Objectives
• Increase the level of security by actively searching for signs of unauthorized intrusion.
• Prevent or detect loss of confidentiality of organizational data on the network.
• Preserve the integrity of organizational data on the network.
• Prevent unauthorized use of organizational systems.
• Keep hosts and network resources available to authorized users.
• Increase security by detecting weaknesses in systems and network design early.
Requirements
• All systems accessible from the internet or by the public must operate IT-approved
active intrusion detection software at any time the public may be able to access the
system.
• All systems in the DMZ must operate IT-approved active intrusion detection software.
• All host-based and network-based intrusion detection systems must be checked on a
daily basis and their logs reviewed.
• All intrusion detection logs must be kept for a minimum of 30 days.
NOTIFICATION
• Any suspected intrusions, suspicious activity, or unexplained erratic system behavior
discovered by administrators, users, or computer security personnel must be reported to
the organizational ICT computer security office within 1 hour.
ROLES
• The intrusion detection team shall:
o Monitor intrusion detection systems, both host-based and network-based.
o Check intrusion detection logs daily.
o Determine approved intrusion detection systems and software.
o Report suspicious activity or suspected intrusions to the incident response team.
• The incident response team shall:
o Act on reported incidents and take action to minimize damage, remove any hostile or
unapproved software, and recommend changes to prevent future incidents. Action
shall be based on the approved incident response plan.
Version Control
Version   Date         Author   Details
0.1       23/01/2012   IT       Initial draft.
0.2
0.3
2. GRIEVANCE AND NON COMPLIANCE
Should any staff member have a grievance regarding the interpretation or implementation
of this policy, such staff member shall abide by the grievance procedure of Council as
amended from time to time.
Any non-compliance with this policy by any staff member, where there are no extenuating or
extraordinary circumstances, shall lead to the staff member being subjected to discipline in
terms of the Council’s disciplinary procedure.
3. REVIEW AND AMENDMENT OF POLICY
This policy can be reviewed at any time in full consultation with all staff members, but
may only be amended by Council.
4. SHORT TITLE AND APPLICATION
This policy shall be called Intrusion Detection Policy for Ehlanzeni District Municipality and
shall come into operation once it is approved by Council.