What Are Your Organization’s Needs?

Each organization is different. As a professional, it is your job to assess your organization’s specific needs.

Law enforcement professionals may determine that their caseloads are too extensive for the manpower they have. Maybe the equipment they are using is outdated. Perhaps they have issues with a particular type of software.

Corporate organizations may want to make sure they formulate security policies by assessing risk, threats, and their exposure to determine how best to keep their networking environment safe. Corporations can also have outdated equipment or applications, making their networks more vulnerable.

Because every organization is different, with different policies and requirements, there are no “one size fits all” rules that cover all the security bases. Training and education make a good start, but you must constantly update your knowledge of hardware, software, and threats. You should recognize how they affect your work and your organization so that you can continuously reassess your vulnerabilities. Remember, a computer forensic technician is a combination of a private eye and a computer scientist.

Security experts are able to monitor vast amounts of data. They can track Internet access, read employee e-mails, record phone calls, and monitor network access. How much you monitor depends on how much information you want to store. Remember that your monitoring plan should be clear-cut and built around specific goals and policies. Without proper planning and policies, you can quickly fill your log files and hard drives with useless or unused information. Here are some items to consider as you get ready to implement a monitoring policy:

  • Identify potential resources at risk within your environment (for example, sensitive files, financial applications, and personnel files).
  • After resources are identified, set up the policy. If a policy requires auditing large amounts of data, be sure the hardware has the necessary storage space, as well as sufficient processing power and memory.
  • Make time to review the logs. The information in log files won’t help protect against a system compromise if you don’t read it for six months.

Note: You can monitor as much or as little as you want, but if you don’t read the logs, they cannot serve their intended purpose.

Monitoring can be as simple or complex as you want to make it. Be consistent regardless of the plan you create. Many organizations monitor an extensive amount of information, while others, especially small ones, may monitor little or nothing. Just remember that it will be quite difficult to catch an intruder if you don’t monitor anything.
