NORS -- CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-9-8522

Number 9-9-8522
Priority Important
Description Upon discovery of an unsanctioned device on the organizational network, Service Providers, Network Operators, and Public Safety should investigate to determine ownership and purpose/use of the device. Where possible, this phase should be non-alerting (i.e., log reviews, monitoring of network traffic, review of abuse complaints for the suspect IP address) to determine whether the use is non-malicious or malicious/suspect.

If the use is determined to be non-malicious, employ available administrative tools to correct behavior and educate the user. Conduct a review of policies to determine:
If additional staff education regarding acceptable use of network/computing resources is required.
If processes should be redesigned or additional assets allocated to provide a sanctioned replacement of the capability. Was the user attempting to overcome the absence of a legitimate and necessary service the organization was not currently providing so that s/he could perform their job?

If the use is deemed malicious/suspect, coordinate with legal counsel:
Based on counsel's advice, consider collecting additional data for the purposes of assessing
Depending on the scope of the misuse, consider a referral to law enforcement.
Network Type(s) Internet/Data
Industry Role(s) Service Provider; Network Operator
Keyword(s) Cyber Security; Intrusion Detection; Network Elements; Network Operations
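The non-alerting investigation phase described above (log reviews, traffic monitoring, checking abuse complaints against the suspect address) can be driven from data the organization already collects. The following is an added example, not part of the CSRIC record: it compares DHCP lease records against a sanctioned-asset inventory to find the unsanctioned device, then gathers existing firewall, proxy and abuse-desk lines that mention its address so a reviewer can judge ownership and use without touching the device. The inventory, log formats and all addresses are constructed for illustration.

```python
"""Passive first look at an unsanctioned device: compare DHCP leases against
the sanctioned asset inventory, then pull already-collected log lines that
mention the suspect address.  Added example with constructed sample data."""
import re

# Constructed sanctioned-asset inventory: MAC address -> owner / asset tag.
SANCTIONED = {
    "aa:bb:cc:00:00:01": "ws-finance-12 (J. Doe)",
    "aa:bb:cc:00:00:02": "printer-2f-east",
}

# Constructed DHCP server log lines (ISC-dhcpd-like format, shortened).
DHCP_LOG = """\
Mar 03 08:01:12 dhcpd: DHCPACK on 10.0.5.21 to aa:bb:cc:00:00:01 (ws-finance-12) via eth0
Mar 03 08:02:40 dhcpd: DHCPACK on 10.0.5.22 to aa:bb:cc:00:00:02 (printer) via eth0
Mar 03 08:15:03 dhcpd: DHCPACK on 10.0.5.77 to de:ad:be:ef:12:34 (raspberrypi) via eth0
"""

# Constructed firewall / proxy lines plus one abuse-desk entry.  These were
# already recorded by existing systems, so reviewing them alerts nobody.
OTHER_LOGS = """\
Mar 03 08:16:10 fw: ALLOW src=10.0.5.77 dst=10.0.5.2 dport=445 proto=tcp
Mar 03 08:16:11 proxy: 10.0.5.77 GET http://updates.example.net/pkg.list 200
Mar 03 09:30:00 abuse: complaint id=C-1001 reported_src=10.0.5.77 category=scan
Mar 03 09:31:00 fw: ALLOW src=10.0.5.21 dst=10.0.5.2 dport=443 proto=tcp
"""

DHCPACK_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-fA-F:]{17}) \(([^)]*)\)")


def unsanctioned_leases(dhcp_log, inventory):
    """Return {ip: (mac, hostname)} for leases whose MAC is not in the inventory."""
    found = {}
    for line in dhcp_log.splitlines():
        m = DHCPACK_RE.search(line)
        if not m:
            continue
        ip, mac, hostname = m.groups()
        if mac.lower() not in inventory:
            found[ip] = (mac.lower(), hostname)
    return found


def related_log_lines(logs, ip):
    """Existing log lines mentioning the IP as a whole token (so 10.0.5.7 does
    not match 10.0.5.77).  Pure log review: nothing is sent to the device."""
    token = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [line for line in logs.splitlines() if token.search(line)]


def triage(dhcp_log, logs, inventory):
    """Summarise each unsanctioned device: which destinations it reached and
    whether any abuse complaint names it.  The malicious / non-malicious call
    stays with the human reviewer; this only gathers what is already logged."""
    report = {}
    for ip, (mac, hostname) in unsanctioned_leases(dhcp_log, inventory).items():
        lines = related_log_lines(logs, ip)
        dests = sorted({m.group(1) for line in lines
                        for m in [re.search(r"dst=(\S+)", line)] if m})
        complaints = [line for line in lines if " abuse: " in line]
        report[ip] = {
            "mac": mac,
            "hostname": hostname,
            "destinations": dests,
            "abuse_complaints": len(complaints),
            "evidence": lines,
        }
    return report


if __name__ == "__main__":
    for ip, info in triage(DHCP_LOG, OTHER_LOGS, SANCTIONED).items():
        print(f"{ip} {info['mac']} ({info['hostname']}): "
              f"{len(info['evidence'])} related log lines, "
              f"{info['abuse_complaints']} abuse complaint(s), "
              f"reached {info['destinations']}")
```

In practice the inventory would come from the asset register and the log text from the SIEM or log store; the point of the structure is that the evidence list for each device is assembled before anyone decides whether the case is an employee working around a missing service or something that should go to counsel.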