Personnel Management Policies in Information Security

Personnel management policies describe how people are expected to behave Software Development Companies. For each intended audience (management, system administrators, general employees, and so on), the policy addresses specific behaviours that are expected by management with respect to computer technologies and how they are used.

Application Monitoring: All servers containing applications designated for monitoring must be constantly monitored during the hours the application operates. At least the following activities must be monitored:

• Application up/down status

• Resource usage

• Non-standard behaviour of application

• Addition or change of the version, or application of software patches

• Any other relevant application information

Desktop System Administration: No user of a workstation or desktop system may be the system administrator for their own system. The root or Administrator password may not be made available to the user.

Intrusion-Detection Monitoring: All critical servers must be constantly monitored at all times for intrusion detection. This monitoring must cover at least the following categories:

• Port scans and attempts to discover active services

• Nonstandard application connections

• Nonstandard application behavior

• Multiple applications

• Sequential activation of multiple applications

• Multiple failed system login attempts

• Any other relevant intrusion-detection information

Firewall Monitoring: All firewalls must be constantly monitored, 24×7×365, by trained security analysts. This monitoring must include at least the following activities:

• Penetration detection (on the firewall)

• Attack detection (through the firewall)

• Denial of service detection

• Virus detection

• Attack prediction

• Intrusion response

System Administrator Authorization: System administration staff may examine user files, data, and e-mail when required to troubleshoot or solve problems. No private data may be disclosed to any other parties, and if any private passwords are thus identified, this must be disclosed to the account owner so they can be changed immediately.

Network Security Monitoring: All internal and external networks must be constantly monitored, 24×7×365, by trained security analysts. This monitoring must detect at least the following activities:

• Unauthorized access attempts on firewalls, systems, and network devices

• Port scanning

• System intrusion originating from a protected system behind a firewall

• System intrusion originating from outside the firewall

• Network intrusion

• Unauthorized modem dial-in usage

• Unauthorized modem dial-out usage

• Denial of services

• Correlation between events on the internal network and the Internet

• Any other relevant security events

System Administrator Authentication: Two-factor token or biometric authentication is required for all system administrator account access to critical servers in Software Development Companies.

System Administrator Disk-Space Usage Monitoring: System administration staff may examine user files, data, and e-mail when required to identify disk-space usage for the purposes of disk usage control and storage capacity enhancement and planning.

System Administrator Account Monitoring: All system administration accounts on critical servers must be constantly monitored at all times. At least the following categories of activities must be monitored:

• System administrator account login and logout

• Duration of login session

• Commands executed during login session

• Multiple simultaneous login sessions

• Multiple sequential login sessions

• Any other relevant account information

System Administrator Appropriate Use Monitoring: System administration staff may examine user files, data, and e-mail when required to investigate appropriate use.

Remote Virus-Signature Management: All virus software must be set up to support secure remote virus-signature updates, either automatically or manually, to expedite the process of signature file updating and to ensure that the latest signature files are installed on all systems.

Remote Server Security Management: All critical servers must be set up to support secure remote management from a location different from where the server resides. Log files and other monitored data must be sent to a secure remote system that has been hardened against attack, to reduce the probability of log file tampering.

System Administrator Account Login: System administration staff must use accounts that are traceable to a single individual. Access to privileged system commands must be provided as follows:

• On Unix systems Initial login must be from a standard user account, and root access must be gained

• On Windows systems System administration must be done from a standard user account that has been set up with Administrator privileges.

Direct login to the root or Administrator account is prohibited.

Remote Network Security Monitoring: All network devices must be set up to support security management from a location different from where the network equipment resides. Log files and other monitored data must be sent to a secure remote system that has been hardened against attack, to reduce the probability of log file tampering.

Remote Firewall Management: All firewalls must be set up to support secure remote management from a location different from where the firewall resides. Log files and other monitored data must be sent to a secure remote system that has been hardened against attack, to reduce the probability of log file tampering in Software Development Companies.