If additional detection or changes in existing detection would have reduced the impact of the incident, then those changes should be made. Detection is the last line of defense. If vulnerabilities are exploited and safeguards are bypassed, rapid detection of the incident is the only hope of minimizing its impact.

Configuration Changes

Make the changes to the intrusion detection systems to better detect intrusions similar to the current incident. Review current vulnerabilities and determine if there are changes to the intrusion detection systems that will help account for these. The alerting methods and contacts should be reviewed to be sure that they are the most effective available.

Add Detection

Evaluate the system to determine if additional detection mechanisms are warranted. The addition of new products or plug-ins for the detection system may assist in the rapid detection of incidents. These steps should be taken proactively, not just in response to an incident.