Detection measures are needed to identify computer-related crime -- what is the most reactive way to detect whether a computer crime has been attempted or successfully concluded?
It can be the use of a lot of tools, but the first step is to prioritize your key assets and track the highest-priority resource for protection first. This tracking could include a variety of tools such as logs, IDS, data integrity checking, firewall intercepts, etc. Use your security policy, vulnerability analysis, etc. to develop a proactive and a reactive policy. There is no silver bullet here.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our discussion forums.
This was first published in November 2002