Day 10 - Identification: Using Your Help Desk to Identify Security Incidents
Last Updated: 2008-10-10 02:03:10 UTC
by Marcus Sachs (Version: 1)
For the tenth day of Cyber Security Awareness Month we remind our readers that one of the best ways to identify problems in your network is to let your employee or customer help desk be the equivalent of a "human intrusion detection system". When they get more than two or three calls about the same problem, the help desk should be notifying the security team about what is going on. It might not be an incident that needs handling, but it's definitely an event that deserves watching.
Do you have a good relationship with your help desk staff? Do you include them in your security planning and preparation, especially as potential sources of information about the security posture of your networks? What steps have you taken to train your organization's help desk to recognize emerging security incidents?
Send us your ideas and comments via our contact form and we'll add them to this diary throughout the day.
Marcus H. Sachs
Director, SANS Internet Storm Center