 Training and Dissemination web site

Integrated Site Security for Grids

A project co-funded by EU FP6 programme
Recommendation

Ensure resources link to the people in charge of them

ID: R44

What: The information about which resource is administered by whom should be stored in a central database, and its consistency must be checked regularly. Ideally the database is connected to an Identity Management System so that resources belonging to departing personnel are reassigned, avoiding unattended machines.
Why: During a security incident it is important to identify the responsible person for a compromised resource as fast as possible in order to react. A central database connecting each resource to a responsible person (administrator) helps identify the right person to respond appropriately and avoid further damage.
How: Connect existing databases to interlink resources to the people responsible for them. Often the different responsibilities of one person are stored in a distributed way over several existing databases. To avoid data inconsistency and to allow the security officer to react quickly to security incidents, it is important to merge the different resources or at least to offer access to all information via a single front end.

Hints:
  • Access to administrative information is essential in order to react quickly to security incidents. To avoid data duplication and data inconsistency, centralize databases or implement a single front end across all databases.
  • Detailed knowledge about resources (responsible person, location) can help to reduce the impact of an intrusion.
  • Deploy ITIL: all information about an asset and the responsible person will be stored in the configuration management database (CMDB).
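
One way to implement the regular consistency check described above, as an added example that is not part of the original ISSeG page: it merges two inventories into a single view and flags resources with no administrator, conflicting administrators, or an administrator who has left or is unknown to the identity system. The database names, hosts, accounts and finding labels are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (hypothetical hosts and accounts): two separate inventories.
NETWORK_DB = [
    {"resource": "web01", "admin": "alice"},
    {"resource": "db01", "admin": "bob"},
    {"resource": "grid-ce01", "admin": "carol"},
    {"resource": "print01", "admin": ""},
]
ASSET_DB = [
    {"resource": "web01", "admin": "alice"},
    {"resource": "db01", "admin": "dave"},
    {"resource": "lab-pc7", "admin": "erin"},
]
# Accounts known to the identity management system; False means the person has left.
IDENTITIES = {"alice": True, "bob": True, "carol": False, "dave": True}


def merge_sources(sources):
    """Build the single view: resource -> {admin: [names of sources that say so]}."""
    merged = defaultdict(lambda: defaultdict(list))
    for name, rows in sources.items():
        for row in rows:
            res = row["resource"].strip().lower()
            admin = row["admin"].strip().lower()
            merged[res][admin].append(name)
    return merged


def check_consistency(sources, identities):
    """Return sorted (resource, issue, detail) findings for the security officer."""
    findings = []
    for res, admins in merge_sources(sources).items():
        named = sorted(a for a in admins if a)
        if not named:
            findings.append((res, "no_admin", ""))
        if len(named) > 1:
            findings.append((res, "conflict", ",".join(named)))
        for admin in named:
            if admin not in identities:
                findings.append((res, "unknown_admin", admin))
            elif not identities[admin]:
                findings.append((res, "admin_left", admin))
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_consistency({"network": NETWORK_DB, "asset": ASSET_DB}, IDENTITIES):
        print(*finding, sep="\t")
```

Run on a schedule, an empty result means every resource maps to exactly one active administrator across all sources.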

Links:
  • ENTEO life cycle management of HW and SW: http://www.enteo.com/en/index_en.html

    Relevant recommendations:

    R41, R42, R43, R45, R51, R59, R62

    Relevant threats:

    T4, T6, T8, T13, T15

    Relevant ISS audit questions:

    Q17, Q22, Q23, Q24, Q25, Q26, Q9, Q30

    Keywords:

    Incident, Sensitive, Device, Developer, System, Administrator, Intrusion, Detection, Desktop, Worm, Virus, Management, Policy

    Recommendation Category:
    Technical - Administrative -  Education - X
    Copyright (c) Members of the
    ISSeG Collaboration
    2008
    This is version 5.2 of the website.