1. The system engineering team (consisting of the project manager, system engineer, network administrator, security engineer, and IA personnel) shall identify a list of DoD-approved automated, continuous on-line monitoring tools (e.g., intrusion detection systems).
2. The system project management team shall perform an analysis of the advantages and disadvantages of the individual monitoring tools based on tool functions, the system environment, and available funding.
3. The system project management team shall select the automated, continuous on-line monitoring tool that is best suited to the system environment.
4. The network administrator shall install the selected automated, continuous on-line monitoring tool in a lab environment and configure the tool properly in accordance with vendor security checklists and/or industry best practices.
5. The network administrator shall test, at a minimum, the following capabilities of the tool:
· Recording and monitoring security events in real time
· Alerting personnel immediately of any unusual or inappropriate security activity
· Disabling the system when serious IA violations are detected, based on detection signatures.
6. The network administrator shall determine the available alerting options (pager, email, or cell phone) and configure the tool so that it alerts operators immediately when a security violation is detected.
7. If the tool works as planned, the network administrator shall deploy the tool on the system in the operational environment.