Common use of Monitoring and Anomaly Detection Clause in Contracts

Monitoring and Anomaly Detection. SSA recommends that EIEPs use an Intrusion Protection System (IPS) or an Intrusion Detection System (IDS). The EIEP must establish and/or maintain continuous monitoring of its network infrastructure and assets to ensure the following:

- The EIEP’s security controls continue to be effective over time
- Only authorized individuals, devices, and processes have access to SSA-provided information
- The EIEP detects efforts by external and internal entities, devices, or processes to perform unauthorized actions (i.e., data breaches, malicious attacks, access to network assets, software/hardware installations, etc.) as soon as they occur
- The necessary parties are immediately alerted to unauthorized actions performed by external and internal entities, devices, or processes
- Upon detection of unauthorized actions, measures are immediately initiated to prevent or mitigate associated risk
- In the event of a data breach or security incident, the EIEP can efficiently determine and initiate necessary remedial actions
- The trends, patterns, or anomalous occurrences and behavior in user or network activity that may be indicative of potential security issues are readily discernible

The EIEP’s system must include the capability to prevent employees from unauthorized browsing of SSA records. SSA strongly recommends the use of a transaction-driven permission module design, whereby employees are unable to initiate transactions not associated with the normal business process. If the EIEP uses such a design, they then need anomaly detection to detect and monitor employee’s unauthorized attempts to gain access to SSA-provided information and attempts to obtain information from SSA for clients not in the EIEP’s client system. The EIEP should employ measures to ensure the permission module’s integrity. Users should not be able to create a bogus case and subsequently delete it in such a way that it goes undetected.

If the EIEP’s design does not currently use a permission module and is not transaction-driven, until at least one of these security features exists, the EIEP must develop and implement compensating security controls to deter employees from browsing SSA records. These controls must include monitoring and anomaly detection features, either systematic, manual, or a combination thereof. Such features must include the capability to detect anomalies in the volume and/or type of transactions or queries requested or initiated by individuals and include systematic or manual procedures for verifying that requests and queries of SSA-provided information comply with valid official business purposes. The system must also produce reports that allow management and/or supervisors to monitor user activity, such as the following:

Appears in 4 contracts

Samples: eldorado.legistar.com, media.rivcocob.org, www.slocounty.ca.gov


Monitoring and Anomaly Detection. SSA recommends that EIEPs use an Intrusion Protection System (IPS) or an Intrusion Detection System (IDS). The EIEP must establish and/or maintain continuous monitoring of its network infrastructure and assets to ensure the following:

- The EIEP’s security controls continue to be effective over time
- Only authorized individuals, devices, and processes have access to SSA-provided information
- The EIEP detects efforts by external and internal entities, devices, or processes to perform unauthorized actions (i.e., data breaches, malicious attacks, access to network assets, software/hardware installations, etc.) as soon as they occur
- The necessary parties are immediately alerted to unauthorized actions performed by external and internal entities, devices, or processes
- Upon detection of unauthorized actions, measures are immediately initiated to prevent or mitigate associated risk
- In the event of a data breach or security incident, the EIEP can efficiently determine and initiate necessary remedial actions
- The trends, patterns, or anomalous occurrences and behavior in user or network activity that may be indicative of potential security issues are readily discernible

The EIEP’s system must include the capability to prevent employees from unauthorized browsing of SSA records. SSA strongly recommends the use of a transaction-driven permission module design, whereby employees are unable to initiate transactions not associated with the normal business process. If the EIEP uses such a design, they then need anomaly detection to detect and monitor employee’s unauthorized attempts to gain access to SSA-provided information and attempts to obtain information from SSA for clients not in the EIEP’s client system. The EIEP should employ measures to ensure the permission module’s integrity. Users should not be able to create a bogus case and subsequently delete it in such a way that it goes undetected.

If the EIEP’s design does not currently use a permission module and is not transaction-driven, until at least one of these security features exists, the EIEP must develop and implement compensating security controls to deter employees from browsing SSA records. These controls must include monitoring and anomaly detection features, either systematic, manual, or a combination thereof. Such features must include the capability to detect anomalies in the volume and/or type of transactions or queries requested or initiated by individuals and include systematic or manual procedures for verifying that requests and queries of SSA-provided information comply with valid official business purposes. The system must also produce reports that allow management and/or supervisors to monitor user activity, such as the following:

Appears in 3 contracts

Samples: Standard Agreement, web2.co.merced.ca.us, www.slocounty.ca.gov
