
Reviewed October 2020 CTPAT Policies & Procedures Manual TEC0050

UNIMEX TRADE & LOGISTICS, LLC


Intrusion Detection
Section: Cybersecurity TEC0050

Supersedes New

Purpose This document provides general guidelines for the use of intrusion
detection technology to protect Unimex Trade & Logistics, LLC’s
computer network and the information stored therein.

Target Audience All employees of Unimex Trade & Logistics, LLC

Definitions Intrusion
Any action that attempts to compromise the integrity, confidentiality, or
accessibility of company equipment or the information stored therein.

Intrusion Detection (ID)
A type of security management system for computers and networks. An ID
system gathers and analyzes information from various areas within a
computer or a network to identify possible security breaches, which include
both intrusions (attacks from outside the organization) and misuse (attacks
from within the organization).

General Intrusion detection plays an important role in an organization’s security
policy. As information systems grow in complexity, effective security
systems must evolve. With the increase in the number of vulnerability
points, assurance is needed that computer systems and networks are
secure. Intrusion detection systems can help to provide that assurance.

Intrusion Detection Functions
Intrusion detection performs two primary functions in protecting
information resources:

• Provides an indication of the effectiveness of other components of the
security system, e.g., a lack of detected intrusions is an indication that
other defenses are working.

• Acts as a trigger mechanism for the activation of planned responses to
an intrusion.

Intrusion detection fulfills these key functions by:


• Monitoring and analyzing user and system activities.
• Analyzing system configurations and vulnerabilities.
• Assessing system and file integrity.
• Recognizing patterns typical of attacks.
• Analyzing abnormal activity patterns.
• Tracking user violations of company policy.

Responsibilities

• The Information Technology Department shall install systems designed
to detect intrusions.

• The Information Technology Department shall manage and monitor the
intrusion detection system and notify appropriate parties of potential
and actual intrusions against Unimex Trade & Logistics, LLC
systems.

• Operating system, user accounting, and application software audit
logging processes shall be enabled on all host and server systems, to the
extent resources permit.

• Alarm and alert functions, as well as audit logging of firewalls and other
network perimeter access control systems, shall be enabled.

• Audit logs from network perimeter access control systems shall be
monitored/reviewed as risk management warrants.

• System integrity checks of firewalls and other network perimeter access
control systems must be performed on a daily basis.

• Audit logs for servers and hosts on the internal network must be
reviewed on a weekly basis. The system administrator must furnish any
audit logs as requested in accordance with company procedures.

• Network/host-based intrusion detection tools will be checked on a daily
basis.

• All suspected and/or confirmed instances of attempted or successful
intrusions shall be immediately reported.

• Information resource users are encouraged to report any irregularities
in system performance and/or signs of unusual behavior or activity to
their departmental system administrator.

• System administrators shall keep abreast of industry best practices
regarding methods to detect intrusions.


Records Records generated by this procedure will be maintained in accordance with
corporate record retention procedures.

Reference None

Attachments Companies may want to include copies of their various IT security log forms.

Responsible Organization The Quality Control Department has responsibility for implementing and
maintaining this document.

Authorization This document is authorized by Adolfo Campero, Jr., Managing Member

Reviewed May 2020 CTPAT Policies & Procedures Manual TEC0050
