module 5

profilepaupol2004
CIS3240C_Mod5.xlsx.xlsx

Sheet1

Brief description of the monitoring used and the alerting processes Devices to pull log data from in order to satisfy the monitoring rule. Frequency of the log data collection At least two ways this monitor could be tested to validate any false positives or negatives
Asset Inventory of Authorized and Unauthorized Devices Reduces the ability of attackers to find and exploit unauthorized and unprotected systems. Uses active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the business network, including servers, workstations, laptops, and remote devices. Spiceworks, Colasoft MAC Scanner, or Angry IP Scanner Monthly Physical device search, Mac address search, or port ping search
Software Inventory of Authorized and Unauthorized Devices Identify vulnerable or malicious software to mitigate or root out attacks. Devise a list of authorized software for each type of system, and deploy tools to track software installed. Require administrative login for all software. CIS Controls or Spiceworks Monthly Physical device search or Administrative login approval
Malware Defenses Block malicious code from tampering with system settings or contents, capturing sensitive data, or spreading. Use automated anti-virus and anti-spyware software to continuously monitor and protect workstations, servers, and mobile devices. AVG Business Internet Security or Total AV. If running Windows then Windows Defender Real Time Real time and Weekly scans of all devices. Montoring rules set in place for all incoming and outgoing data.
Boundary Defense Control the flow of traffic through network borders, and police content by looking for attacks and evidence of compromised machines. Firewalls, Proxies, and various network tools. Weekly Regular scans from outside the trusted network boundary and remote logging into organization network.
Controlled use of Administrative Privileges Protect and validate administrative accounts on desktops, laptops, and servers by running security audits on all devices connected to the network. Admin workstation, Admin devices for work, and server Quarterly Use audit software and physically check all device log files.