Per CISSP examination textbook Volume I: Theory pg. 18
The objective of variance detection is to allow management to detect and
react to departures from established rules. It can be a very useful
technique to encourage general awareness of security and to discourage
dishonest and abusive employee behavior.
This is a summation. There is much more to it. This falls under
accountability and auditing requirements.
And if you can't believe EVERYTHING you read, what can you believe? ;)
----- Original Message -----
From: "Phillip Renouf" <[EMAIL PROTECTED]>
To: "Scott Schindler" <[EMAIL PROTECTED]>
Sent: Wednesday, November 29, 2000 10:45 AM
Subject: Re: [FW1] intrusion detection - benifits?
> When I think about IDS'ing an internal network it isn't because I think
> all my employees are untrustworthy. I want an internal IDS for two
> reasons: 1. I don't know every employee in the company and someone
> somewhere probably has enough knowledge and a chip on his shoulder to
> make my life miserable and 2. if someone makes it through my external
> IDS and firewall, I want to know what they are doing on my internal net.
> The internal IDS will allow it.
>
> It only takes one pissed off employee to break into a system, and since
> they already have authorized access to a lot of things it makes their
> job easier and our job more difficult. It's just another tool for the
> job.
>
> Phil
>
> >Oh and by the way, holding a gun to someone, is not an analogy of
> >network security. We are not threatening employees. We are an enabler
> >not a disabler. Our job is to protect their interests, not frighten
> >them. This is not an issue that you are wrong. You do not have to IDS
> >your internal net. It is simply added security. If it is a cost issue,
> >then you simply document that and get sign-off on that decision.
>