

Procedures for Handling Violations
A pattern of unauthorized access attempts by a user (or group of users) could indicate that these users are looking for a loophole in your security definitions. If they find one, the access that uses it succeeds and therefore does not show up as a violation. A pattern of attempts might therefore indicate a potential breach of security and should not be ignored or taken casually.
If employees sense that no one is monitoring violation attempts, they might be encouraged to try to access resources that they should not.
To handle excessive violations:
- Carefully monitor your regular violation reports to determine patterns of excessive violations by specific users or groups of users
- If you identify suspicious users or groups of users, consider doing further research on access patterns by auditing the suspected ACIDs
- Use TSSUTIL to produce regular reports on these users, showing violations and all audited activity
- Use TSSTRACK to monitor the suspected users as they are working, and later produce reports on your observations
- If the attempts are made against a specific set of resources, consult with the owner of the resources to determine the sensitivity of this information
- If you feel that these patterns should be formally reviewed, meet with the user to determine the cause of the access activity
- If the activity was malicious or destructive in nature, enforce an agreed-upon action
- Continue to monitor the user's activity
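The review described in the steps above can be sketched as follows; this is an added example, not CA code and not part of the original page. The CSV record layout, the sample ACIDs and resources, and the threshold and window values are assumptions made for the illustration; it is not the TSSUTIL report format.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed records: timestamp,ACID,resource,outcome. This CSV layout is an
# assumption for the example; it is not the TSSUTIL report format.
SAMPLE = """\
2010-03-01T09:02,USER01,PAYROLL.MASTER,VIOLATION
2010-03-01T09:05,USER01,PAYROLL.MASTER,VIOLATION
2010-03-02T14:11,USER02,HR.REVIEWS,VIOLATION
2010-03-02T16:40,USER01,PAYROLL.BACKUP,VIOLATION
2010-03-03T08:15,USER01,PAYROLL.BACKUP,OK
2010-03-20T10:00,USER02,HR.REVIEWS,VIOLATION
2010-03-21T10:00,USER03,SALES.LEADS,OK
"""

def parse(text):
    rows = []
    for line in text.strip().splitlines():
        ts, acid, resource, outcome = line.split(",")
        rows.append((datetime.fromisoformat(ts), acid, resource, outcome))
    return sorted(rows)  # chronological order

def flag_patterns(rows, threshold=3, window=timedelta(days=7)):
    """Report ACIDs with at least `threshold` violations inside any `window`."""
    by_acid = defaultdict(list)
    for row in rows:
        by_acid[row[1]].append(row)
    findings = {}
    for acid, events in by_acid.items():
        viol = [(ts, res) for ts, _, res, out in events if out == "VIOLATION"]
        peak, lo = 0, 0
        for hi in range(len(viol)):  # sliding window over sorted timestamps
            while viol[hi][0] - viol[lo][0] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak < threshold:
            continue
        # Earliest denial per resource (reversed so the first one wins).
        first_denied = {res: ts for ts, res in reversed(viol)}
        # Audited successes after a denial on the same resource: access that
        # a violations-only report no longer shows.
        later_ok = sorted({res for ts, _, res, out in events if out == "OK"
                           and res in first_denied and ts > first_denied[res]})
        findings[acid] = {"peak": peak, "allowed_after_denial": later_ok,
                          "targets": Counter(r for _, r in viol).most_common()}
    return findings

if __name__ == "__main__":
    for acid, finding in flag_patterns(parse(SAMPLE)).items():
        print(acid, finding)
```

The `targets` list shows which resource owners to consult, and `allowed_after_denial` only has data to work with when the suspected ACIDs are being audited, since successful access is otherwise not recorded.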
Copyright © 2010 CA Technologies.
All rights reserved.