Detection
- Every day, come to the office assuming that a new vulnerability has surfaced
- Perform routine checks of log files from firewalls, Web and application servers, IDS sensors, and performance monitors
- Be curious, ask questions and pursue answers
- Prioritize assets based on their value, and focus detection efforts accordingly
- Make a list of all the security products used in the organization, and monitor the vendors' Web sites for updates
- Update security products often—daily, if necessary
- Know the IT infrastructure and how it behaves under normal conditions, so that abnormal activity stands out
- Rely on people, not only automated tools, to detect new attacks, and make sure they have the resources to defend the IT infrastructure fully
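The two practices above that involve technique rather than habit, routine log review and knowing what "normal" looks like, fit together as a baseline-and-deviation check. The script below is an added example written for this page, not code from the original text: it parses Web server access-log lines in Common Log Format, builds a per-source profile from a window of known-good traffic, and then reports sources in a later window that are new, that spike in volume, or that produce mostly error responses. The log lines are constructed for the example, and the thresholds (`volume_factor`, `error_ratio`, `min_requests`) are assumptions to be tuned against a real baseline, not values the page prescribes.

```python
"""Baseline-and-deviation check over Web server access logs.

Added example for this page, not the original text's code. Builds a
per-source baseline from a window of "normal" traffic, then flags sources
in a later window whose request volume or error ratio departs from it.
All log lines are constructed; all thresholds are assumed defaults.
"""
import re
from collections import Counter

# Common Log Format, e.g.
# 10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse(lines):
    """Yield (source, status) for every line that matches CLF; skip malformed lines."""
    for line in lines:
        m = CLF.match(line)
        if m:
            yield m.group("src"), int(m.group("status"))


def profile(lines):
    """Per-source request count and count of 4xx/5xx responses."""
    reqs, errs = Counter(), Counter()
    for src, status in parse(lines):
        reqs[src] += 1
        if status >= 400:
            errs[src] += 1
    return reqs, errs


def find_anomalies(baseline_lines, window_lines,
                   volume_factor=3.0, error_ratio=0.5, min_requests=5):
    """Return [(source, reason)] for sources in window_lines that deviate from the baseline.

    Rules (thresholds are assumed defaults, not prescribed by the page):
      new_source   - source absent from the baseline making >= min_requests requests
      volume_spike - request count >= volume_factor * its baseline count
      error_ratio  - share of 4xx/5xx >= error_ratio over >= min_requests requests
    """
    base_reqs, _ = profile(baseline_lines)
    win_reqs, win_errs = profile(window_lines)
    findings = []
    for src, n in sorted(win_reqs.items()):
        if src not in base_reqs:
            if n >= min_requests:
                findings.append((src, "new_source"))
        elif n >= volume_factor * base_reqs[src]:
            findings.append((src, "volume_spike"))
        if n >= min_requests and win_errs[src] / n >= error_ratio:
            findings.append((src, "error_ratio"))
    return findings


def make_line(src, path, status, ts="12/Mar/2024:10:00:01 +0000"):
    """Build a constructed CLF line for the sample data below."""
    return f'{src} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'


# Constructed sample data: a quiet baseline window, then a window containing
# one source that triples its volume and one unseen source probing for admin pages.
BASELINE_LOG = (
    [make_line("10.0.0.5", "/index.html", 200)] * 4
    + [make_line("10.0.0.7", "/app", 200)] * 2
)
WINDOW_LOG = (
    [make_line("10.0.0.5", "/index.html", 200)] * 4
    + [make_line("10.0.0.7", "/app", 200)] * 6
    + [make_line("203.0.113.9", f"/admin{i}", 404) for i in range(5)]
    + [make_line("203.0.113.9", "/login", 401)]
    + ["this line is deliberately malformed and is skipped by parse()"]
)

if __name__ == "__main__":
    for src, reason in find_anomalies(BASELINE_LOG, WINDOW_LOG):
        print(f"{src}\t{reason}")
```

Run against the constructed data it reports `10.0.0.7` for a volume spike and `203.0.113.9` both as a source the baseline never saw and for its error ratio, while `10.0.0.5`, whose behaviour is unchanged, is silent. The point of the baseline argument is exactly that: the same 404s from a known, noisy internal scanner would not be reported, because they would already be in the profile.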