


Intrusion Detection FAQ: If someone from a large organization called and asked you for advice on what he or she should do first to get started on ID, what one thing would you recommend?

The best place to start depends on the organization and on how necessary it is to keep its information secure. One good starting place is to look at the impact of past intrusions. If the company has been subject to recent intrusions and hacking activity, it will be cognizant of the risks out of necessity. Studying past intrusions and the company’s response will help frame the business case for intrusion detection products. For example: intrusion detection products would have caught the intrusion sooner, saving $X.XX and the embarrassment of the intrusion in the press.

The cost of prior intrusions will be useful in preparing a preliminary cost-benefit analysis. The cost of an intrusion may include production downtime, negative public relations that may affect a company’s stock price, sabotage of critical information leading to bad decisions, or unauthorized access to or theft of confidential information leading to the loss of a competitive advantage. The cost also includes the expenses associated with investigation, legal work, forensics and management reporting.

An understanding of the benefits of intrusion detection has to be developed together with a general familiarity with the intrusion detection products currently on the market. The goals and objectives of those products need to be understood. Understanding the relation between the business case objectives and those of specific products helps articulate what is possible to achieve, and will also pave the way for selecting products that meet the company's IDS needs. Unfortunately, there are not many reference books available on intrusion detection. Web sites, white papers, product brochures and intrusion detection conferences will provide a good starting point for assembling this information. Discussing intrusion detection with other organizations that have implemented it may prove to be very helpful.

The next step is to translate this material for management. White papers and presentations are good mechanisms to increase management’s awareness and understanding of intrusion detection. The objective is to establish a good business case for using intrusion detection. The costs of recent intrusions into the company will help support the business case, even if only at the anecdotal level. Recent related cases from the media would also help reinforce the need for intrusion detection. Management will be more likely to take action when the business case is strongly articulated and clearly related to the benefits of intrusion detection products.

Phil Bandy, Michael Money & Karen Worstell
SRI Consulting

