VICTORIAN XRAY GROUP PTY LTD
Information Technology Policies and Procedures
IT Policies and Procedures
Page 0
VICTORIAN XRAY GROUP PTY LTD SECURITY POLICY
Introduction Purpose This document outlines the Computer Security Policies and Procedures for Victorian Xray Group Pty Ltd (VXG) These policies and procedures include!
"ccepta#le Computer Computer $sage $sage Policies "dministrati%e Security Practices Practices &et'or Security Physical Security Technical Security (System ard'are and Soft'are)
The Computer Security Policies and Procedures are applica#le to any staff of VXG and to anyone associated 'ith VXG in any 'ay The aims of the Computer Security Policies and Procedures are!
To pro%ide computer security policies and procedures for VXG To pro%ide a secure and producti%e computing en%ironment for VXG To increase a'areness of computer security amongst staff and clients of VXG To encourage ethical and la'ful #eha%iour in all 'ho use or pro%ide information resources 'ithin VXG To increase user a'areness of their responsi#ilities 'hen using VXG resources and the disciplinary actions for inappropriate use of VXG resources To pro%i pro%ide de a guide guidelin line e for prote protecti cting ng %alua %alua#le #le infor informa matio tion n resou resource rces s from from theft* theft* dama damage ge** and and unauthorised access or change To increase the a'areness of confidentiality and possi#le legal re+uirements 'hen dealing 'ith sensiti%e VXG information To ensure processes are in place to identify and correct damaged systems such that VXG operations continue 'ith minimal disruption
,ire'alls protection of all VXG computing assets is mandatory ho'e%er this document contains no direct policy as to the installation and management* suffice to say a net'or is only as secure as its 'eaest lin ,ire'all configuration should #e consistent across to 'hole of VXG Review of Policy and Procedures Indi%iduals seeing clarification or interpretation of the security policies and procedures are to contact VXG ead -ffice at .0 /rummond Street* Carlton on 0 122 3340 The Policies and Procedures are to #e re%ie'ed yearly or as needed Who Can Use VXG Resources The resources pro%ided #y VXG are for staff and contractors for acti%ities directly related to their employment 'ith VXG Persons Persons outside outside these these categor categories ies are not permitted permitted to use VXG resources resources unless e5plicitly e5plicitly permitted in 'riting #y the IT 6anagement of VXG VXG "ccepta#le $se Policy co%ers the usage of all VXG resources
IT Policies and Procedures
Page 7
Rationale Computer Computer security security threats threats are imminent imminent in a informat information ion technol technology ogy en%iron en%ironmen ment t The occurren occurrence ce of a computer security incident can ha%e a significant impact on VXG operations "n incident may result in!
8reach of confidentiality* integrity and a%aila#ility of VXG and client data /isruption to VXG operational and administration acti%ities Loss of VXG assets Loss of #usiness Commercial loss Professional em#arrassment
It is important that policies and procedures are put in place #y VXG to impede the occurrence of the a#o%e threats a%ing security policies and procedures also assists in the follo'ing!
To help mae decisions 'ith regards to other policies To assist in maing purchasing decisions ,orms a frame'or for deciding on 'hat actions to tae in particular circumstances -ffer a frame'or for the design and configuration of computer systems and net'or infrastructure Is a testament to the commitment of VXG to professionalism
IT Policies and Procedures
Page 9
efinitions The definitions sho'n #elo' are to #e applied to the appropriate term 'hen referenced in the Security Policies and Procedures for VXG "ssociates Computer Systems /isaster VXG VXG VXG "sse "ssett VXG /ata
People 'oring 'ith VXG* using VXG resources* #ut not employed #y VXG* for e5ample* 'oring in a cooperati%e pro:ect arrangement 'ith VXG Includes* #ut is not limited to* personal computers (PC;s)* laptops* note#oos* 'orstations* mini
"ny information information or data* data* in any medium or or form* that is o'ned o'ned and used used #y VXG to conduct conduct VXG Information its #usiness* consulting* and ser%ice acti%ities* and 'hich is captured* stored* maintained* or accessed in VXG systems "ny #usiness acti%ities acti%ities undertaen undertaen #y VXG 'ithin its medical medical and radiology radiology centres centres VXG -perations 6eans that* e5cept for minimal personal use* VXG resources are to #e used for tass related to a :o# function and=or course of #usiness only Information /ata#a /ata#ases ses and and data data files files** system system docume documenta ntatio tion* n* manu manuals als** opera operatio tiona nall or suppor supportt "sset procedures* VXG Information &et'or Includes* #ut is not limited to* net'or ca#ling* net'oring de%ices such as repeaters* Infrastructure s'itches* routers Compu Computer ter and and net'o net'or r commu communic nicati ations ons e+ui e+uipm pmen ent* t* magn magneti etic c media media** any any techni technica call Physical "sset e+uipment* furniture and accommodation "ny information or data* in any medium or form such as printed paper* paper* digital* %ideo* and >esources audio representations* the computing hard'are and soft'are systems 'hich access and manipulate information or the net'or infrastructure 'hich transports information Soft'are Soft'are "sset "sset "pplicati "pplication on soft'are* soft'are* system soft'are soft'are** de%elopment de%elopment tools tools and utilities utilities Staff "n employee or contractor employed #y VXG Systems See Computer Systems " /e%ice or group of de%ices together 'ith policies and infrastructure designed to pre%ent ,ire'all the misuse* corruption corruption or theft theft of data from personal personal or company IT resource resources s from net'ors or #y hosts deemed to #e in the pu#lic domain* for e5ample the Internet System " person person 'ho has has #een delegated delegated to manage manage a computer system or net'or net'or system "dministrator "dministrator VXG Purposes
!ccepta"le Use !ccepta"le Use of Resources The use of computing computing and net'or resources at VXG imposes 'ith it the responsi#ility responsi#ility and o#ligation to use the resources in an efficient* ethical* and legal manner "ccepta#le use of resources demonstrates demonstrates respect for intellectual property* property* o'nership of data* system security mechanisms* and an indi%idual;s rights to pri%acy and to freedom from intimidation* harassment* and un'arranted annoyance The resources are to #e used in a manner consistent 'ith the #usiness o#:ecti%es of VXG and 'ith the purpose for 'hich such use 'as intended
IT Policies and Procedures
Page
#$pectations of Users "ccounts on computer systems are to #e used solely for the purposes for 'hich the accounts are intended The user must maintain the integrity of the account #y ensuring the follo'ing!
$sers shall use accounts only for VXG Purposes specified and shall not use any other user;s account 'ith or 'ithout that user;s permission -ther than minimal personal use* non
To respect soft'are copyright and licenses!
$sers $sers shall shall use use only only legal legal %ersio %ersions ns of copyri copyrigh ghte ted d soft'a soft'are re in compli complianc ance e 'ith 'ith %endor %endor licens license e re+uirements and soft'are shall not #e copied e5cept as specifically stipulated #y the o'ner of the copyright
To respect the pri%acy of other users!
$sers shall not intentionally see information on* o#tain copies of* or modify files* pass'ords or any type of data #elonging to other users unless specifically authorised to do so or 'here such data is in the pu#lic domain @lectronic communication facilities (such as email* tal) shall not #e used to send fraudulent* harassing* o#scene* threatening* or other unla'ful messages $sers $sers may not create* create* send* send* or for'ard for'ard multile%el multile%el maretin mareting g letters letters (chain (chain letters* letters* pyramid pyramid selling selling schemes etc) "ttempts to alter the attri#ution of origin of a communication communication facility 'ill #e considered considered a #reach of accepta#le use
To respect the integrity of the systems!
$sers shall not use VXG resources to de%elop or e5ecute programs that could harass other users* infiltrate the systems* or damage or alter the soft'are components of the systems This includes! "ttempting to decode pass'ords pass'ords or access access control information information o "ttempting to pro#e* circum%ent circum%ent or su#%ert su#%ert system or net'or security security measures measures o
To respect the resources and resource controls of the systems!
$sers shall not attempt to alter or a%oid accounting* audit* or security controls and mechanisms on computing systems $sers should a%oid e5cessi%e use of resources* controlled or other'ise It is not accepta#le for users to encroach on other;s use of resources This includes! e5cess printing of documents* running grossly inefficient programs 'hen efficient alternati%es are o no'n to #e a%aila#le unauthor unauthorised ised modifica modification tion of system system facilities facilities** operatin operating g systems* systems* configur configuratio ation n files or dis o partitions attempting to crash or tie up a computer system o
$sers shall not attempt to modify or remo%e computer e+uipment* soft'are* or peripherals 'ithout proper authorisation
IT Policies and Procedures
Page 3
To respect the pri%ileges of net'or connecti%ity
$sers should not harass other users* %iolate other;s pri%acy* tamper 'ith security systems* or attempt entry to non
andom host and net'or pro#ing is not appro%ed $sers must adhere to the follo'ing guidelines! /o not transfer files to any machines on 'hich one does not ha%e an account or 'hich does not o ad%ertise anonymous file transfer ser%ices /o not Telnet to any machines on 'hich one does not ha%e an account or 'hich does not ha%e a o guest account /o not try to Telnet into miscellaneous ports? use only authorised ports for access o
Violations of these conditions of accepta#le use may* after due process* result in any of the follo'ing!
The suspension of computing pri%ileges Termination of employment Legal action
Violation of Policy $sers* 'hen re+uested* are e5pected to cooperate 'ith system administrators in any in%estigations of system a#use /eli#erate attempts to th'art such in%estigations or refusal to respond to reasona#le re+uests may #e grounds for cancellation of access pri%ileges "#use of computing computing pri%ileges pri%ileges is su#:ect to disciplinary action action If system administrators administrators ha%e strong e%idence e%idence of misuse of computing resources* and if that e%idence points to the computing acti%ities or the computer files of an indi%idual* they ha%e the o#ligation to pursue any or all of the follo'ing steps to protect other users and VXG!
Temporarily suspend or restrict the user;s computing pri%ileges during the in%estigation Staff may appeal such a suspension or restriction through the 6anaging /irector of VXG or designate Inspect the user;s files* disettes* tapes* and=or other computerefer the matter for possi#le disciplinary action to the 6anaging /irector of VXG (or designate) and=or IT 6anagement
IT Policies and Procedures
Page 4
Policy Physical !ccess %uilding
Possession of a ey not issued to its holder is a disciplinary offence offence " ey issued to an indi%idual indi%idual must must not #e passed passed to another another person person " ey code if applica#le* applica#le* gi%en to an indi%idual indi%idual must not #e #e told to another another person person Staff 'ill ha%e access to their place of 'or during the standard 'oring hours Staff 'ill ha%e after
&ardware and Physical 'ecurity !ccess to Resources
Computer Systems are to #e protected #y ey locs* pass'ords or other controls 'hen not in use If this is not possi#le* users are to log off or log out of the computer system $sers 'ill #e held responsi#le for any use=misuse of the computer pri%ileges resulting from a failure to logout of a computer system Ahere possi#le* e+uipment should #e situated to minimise the threat of unauthorised access Aorstations handling sensiti%e data should #e positioned to reduce the ris of o%erlooing
'ecurity of Resources
-ffice space containing computer assets are to #e secured* and if applica#le* access codes to those offic offices es are are to #e regist register ered ed and and monit monitor ored ed to ensu ensure re retur return n and=o and=orr changi changing ng if an indi%i indi%idu dual al terminates employment 'ith VXG /epending on the ris and %alue of the computer assets* security measures may include installation of %ideo cameras* or eypad readers on doors pro%iding access to particular rooms "ny e+uipment located in pu#licly accessi#le areas* or rooms that cannot #e loced* are to #e fastened do'n #y some physical means such as a ca#le loc system or enclosed in a loca#le computer e+uipment unit or case Computer systems are to #e secured against accessing* tampering* or remo%al of components Computer systems 'ith critical and sensiti%e data either stored on them or accessi#le through them should #e further secured against unauthorised unauthorised use e%en #y someone 'ho has legitimate access to the physical space Computer e+uipment should #e clearly mared as o'ned #y VXG "ll VXG computer computer assets are are to #e registered registered on the the VXG "sset >egister &o VXG computer assets are to #e remo%ed from VXG 'ithout the e5plicit 'ritten permission of the Technical 6anager
(aintenance of #)uipment
@+uipment malfunction can result in! Interruptions to VXG -perations o Loss of a%aila#ility* integrity and confidentiality of VXG Information or resources o The potential for a security #reach to occur o In order to minimise the effects of e+uipment malfunction the follo'ing is recommended! Computer Computer e+uipment e+uipment is to #e maintain maintained ed in accorda accordance nce 'ith the supplier suppliers; s; recomme recommended nded o ser%ice inter%als and specifications >epairs >epairs and ser%icing ser%icing of e+uipm e+uipment ent should should only #e carried carried out #y authoris authorised ed mainten maintenance ance o personnel "ll computer e+uipment critical to VXG operations operations are to #e under support and=or maintenance o contracts in case of une5pected operation or technical difficulties The le%el of maintenance taen out is to #e appropriate for the importance of the item of e+uipment "ny 6edia! ard ard /iss* Tapes* Tapes* C/Bs C/Bs etc containing containing sensiti%e data data is not to #e allo'ed allo'ed off
IT Policies and Procedures
Page 2
'ecurity of VXG #)uipment off Premises
&o VXG resourc resources es are are to #e remo remo%ed %ed from VXG VXG 'itho 'ithout ut the the e5plic e5plicit it 'ritte 'ritten n permis permissio sion n from from IT 6anagement Personal computers are not to #e used at home for VXG purposes unless %irus controls are in place Ahen tra%elling* VXG resources are not to #e left unattended in pu#lic places Porta#le computers are to #e carried as hand luggage 'hen tra%elling 'here%er possi#le Porta#le computers are %ulnera#le to theft* loss or unauthorised access Ahere%er possi#le* sensiti%e information should not #e left on the in<#uilt dis of any porta#le computer* #ut should #e carried on a disette If such information is carried on the in<#uilt dis* machine should ha%e appropriate access protection or encryption Stored pass'ords and automatic logons should ne%er #e ena#led on any Porta#le e+uipment 6anufacturers; instructions regarding the protection of e+uipment should #e o#ser%ed at all times VXG resources are to #e ept securely 'here practically possi#le
*etwor+ Infrastructure
VXG net'o net'or r infra infrastr struct ucture ure and and assoc associat iated ed de%ic de%ices es may may not not #e monit monitore ored* d* inter interfer fered ed 'ith* 'ith* or restructured 'ithout the e5press permission of the Technical 6anager or delegate &o user may listen to net'or communications or pose as another infrastructure de%ice on the net'or* this includes listening de%ices &o user may try to su#%ert de%ices #y sending false information to any infrastructure de%ice or computer* for e5ample* attempt a source routing attac Ahere possi#le net'or ca#ling should limit the num#er of users per ca#le run &et'or traffic should #e isolated #et'een unrelated net'ors Point
Computer 'ecurity
VXG Computer Systems are to #e monitored 'ith esta#lished controls to ensure conformity to VXG;s "ccepta#le $se Policy and procedures These controls should pro%ide the a#ility to trace %iolations or attempted %iolations of information security to the indi%iduals 'ho may #e held responsi#le ,ire'alls are to #e implemented so as to protect all VXG computing assets that may #e connected in any form to the Internet "udit trails recording e5ceptions and other security rele%ant e%ents should #e produced and ept for an agreed period to assist in future in%estigations in%estigations and access control monitoring monitoring Ahere possi#le* audit trails should include! " user;s user;s I/ o /ates and times of access or login and logoff times o Terminal or host identity from 'hich access 'as made o Ahere possi#le (and needed)* needed)* all computer operating operating systems are to #e maintained at the latest* sta#le* recommended patch le%el #y the %endor for that particular system Ahere possi#le* all computer systems using third party soft'are (eg Pu#lic domain Internet soft'are) are to #e maintained at the latest sta#le recommended patch le%el Security patches for computer system soft'are are to #e in%estigated and applied as soon as practically possi#le 8acup media and de%ices should #e taen into consideration 'ith ne' e+uipment purchases This strategy pro%ides #etter #acup=restore facilities and more security for the computer systems in +uestion @mail clients are to #e installed such that e5ecuta#le attachments cannot #e e5ecuted directly from the email client
#lectronic (ail IT Policies and Procedures
Page
The contents of email messages should #e used for information only since it is possi#le to send fraudulent mail @mail can only #e considered secure if using a mechanism such as PGP Standard Company disclaimers to #e attached to all out#ound email @mail can contain dangerous payloads as attachments? these are in the form of malicious e5ecuta#le files files &o e5ecut e5ecuta#l a#le e attach attachme ments nts should should #e open opened ed and and instea instead d delet deleted ed on receip receipt t These These attachments ha%e file name e5tensions such as e5e dll #at com Staff shall only use email for 'or related purposes 'ith an e5ception allo'ing for minimal personal personal use "ccepta#le use use of email includes! Con%ersing 'ith VXG staff* prospects* shareholders and clients o Con%ersing 'ith other people in the pursuit of #usiness goals o Su#scri#ing to Internet email lists that co%er the staff mem#ers :o# function o 6inimal Personal use o Staff shall not use email to send and=or no'ingly or intentionally recei%e material that is illegal under "ustralian La' La' Personnel 'ith access to stored or transmitted email messages 'ill not see to access such messages e5cept in operational or in%estigati%e circumstances that necessitate such access $sers must #e a'are that VXG can not guarantee the confidentiality of email messages Staff ha%e the right to pri%acy 'hen using email "s such* no Systems "dministrator may read the email of any staff mem#er* the only e5ception #eing the in%estigation of misuse #y the particular user "ny staff mem#er suspected suspected of misusing email may ha%e all transactions and material material logged for further further action
World Wide We" and the Internet %rowsing and 'earching the Internet
Staff mem#ers may #ro'se the Internet using Aorld Aide Ae# (AAA)* Gopher* A"IS* etc for the purpose of their research or :o# function 6inimal personal use is accepta#le &o sites no'n to contain material that is illegal under "ustralian La' may #e %isited "ll sites %isited may #e logged "ny staff mem#er suspected of misuse may ha%e all transactions transactions and material logged for further action
WWW &ome Pages
&o material that is illegal under "ustralian La' may #e made a%aila#le %ia AAA Pages &o confidential material may #e made a%aila#le ,or security reasons VXG is not o#liged to supply or mae a%aila#le any CGI scripts "ll AAA Pages may #e scrutinised "ny staff mem#er suspected of misuse may ha%e all transactions and material logged for further action
'ystem !dministrators
The System "dministrator;s use of VXG computing resources is an e5tension of the guidelines that apply to a normal user That is* these guidelines are in addition to those of a normal user Ahen e%er possi#le System administrators 'ill not dictate or set a user pass'ord if this needs to #e done* it should #e done in such a 'ay that the user is automatically re+uired to change the pass'ord ne5t time they access the system If this is not possi#le the user should #e notified and re+uested to mae the change manually System "dministrators=6anagers should ne%er e5pect a user to di%ulge their pass'ords System System "dmin "dminist istra rator tors s ha%e ha%e the respo responsi nsi#il #ility ity to ensur ensure e the compu computer ter system systems s and net'o net'or r infrastructure under their control are effecti%ely maintained System "dministrators; responsi#ilities include! Treating information a#out* and information stored #y* the system;s users as confidential and o taing reasona#le precautions precautions to ensure the security of a system or net'or and the information contained therein /issemination of information a#out specific policies and procedures that go%ern access to* and o use of* the system " 'ritten document gi%en to users* or messages posted on the computer system* shall #e considered ade+uate notice @nsuring the users on the systems adhere to VXG Security Policy o Taing reasona#le precautions against theft of* or damage to* system components o ,aithfully e5ecuting all hard'are and soft'are licensing agreements applica#le to the system o
IT Policies and Procedures
Page .
Coeco%ery System "dministrators should pro%ide an effecti%e #acup strategy in case of disaster System System loggin logging g shou should ld #e ept ept 'here 'here possi possi#l #le e on hard hard
User,-ogin names and Passwords
$sers 'ho ha%e accounts on multiple systems should use different pass'ords on each system This is e5tremely important Pass'ords should #e changed periodically? at one to three month inter%als $ser=Login names are not transfera#le #et'een users &o user may share their $ser=login name 'ith another user Pass'ords are not transfera#le #et'een users &o user may share their pass'ord 'ith another user $sers 'ill #e held responsi#le for any misuse of the computers and=or data resulting from di%ulgence or sharing of ones user name and pass'ords System "dministrators=6ana "dministrators=6anagers gers 'ill ne%er re+uest your pass'ord This practice should #e treated 'ith total mistrust especially if #y phone or email Should your pass'ord #e compromised you should immediately tae steps to change it
'ecurity Incident Processing
IT management 'ill coordinate all acti%ities associated 'ith a security incident "ny systems staff staff 'ho suspect a security #reach #reach must report report the incident incident directly to IT 6anagement 6anagement "ll other Systems Systems "dministration "dministration staff 'ithin VXG VXG should also also #e notified notified in a timely manner manner The IT 6anagement 'ill then assess 'hether the incident 'arrants reporting any further ,or ma:or incidents in%ol%ing computing installations outside VXG* IT 6anagement 6anagement if deemed necessary 'ill contact "$SC@>T 'ith the appropriate details
Viruses. Tro/an. and Worm Prevention
It is illegal* unethical and contrary to VXG policy to use PCs to generate %iruses* 'orms* or any malicious de%ices to contaminate other information systems "ll soft'are used on personal computers 'ithin VXG are to #e a legitimate licensed copy and adhere to the soft'are o'ners copyright conditions Introduction of %iruses and other contaminants can occur through a %ariety of channels! Soft'are introduced into or used on the system #y an outsider 'ho had access to the system o Soft'are used at home on an infected system o Soft'are purchased from a %endor 'ho has an infected production system o Infected soft'are from #ulletin #oards or the Internet o Soft'are intentionally infected #y a disgruntled user o In order to decrease the ris of %iruses and limit their spread! "nti<%irus soft'are is to #e installed on all VXG PC;s The "nti<%irus soft'are is to #e used to o scan computers and media for no'n %iruses* either as a precautionary measure or on a routine #asis Ahere applica#le* anti<%irus anti<%irus soft'are is to #e installed on all VXG ser%ers o Virus ;repair; soft'are should #e used 'ith caution and only in cases 'here %irus characteristics o are fully understood and the correct repair is certain "ny disettes of PC soft'are of uncertain or unauthorised origin should #e checed for %iruses o #efore use &e' shrin 'rapped soft'are should also #e checed #efore installation and=or use
IT Policies and Procedures
Page 1
@mail @mail can contain dangerous dangerous payloads payloads as attachme attachments? nts? these these are in the form of maliciou malicious s e5ecuta#le files &o e5ecuta#le attachments should #e opened and instead are to #e deleted on receipt These attachments ha%e file name e5tensions including #ut not limited to e5e* dll* #at* com These attachments are not necessarily necessarily detected #y anti %irus soft'are and therefore* therefore* irrespecti%e of the sender they should ne%er #e opened and run "ny %irus or other contaminated systems such as that #y Tro:an horse* malicious attachment should #e isolated immediately and reported to IT 6anagement 6aster soft'are disettes are to #e secured and maintained #y IT management o
IT Policies and Procedures
Page 70
Procedures *etwor+ Infrastructure Procedures General Procedures
"ll net'oring e+uipment critical to VXG operations operations are to #e under support=maintenance support=maintenance contracts in the e%ent of une5pected une5pected operational or technical difficulties The le%el of maintenance maintenance taen out is to #e appropriate for the importance of the net'oring e+uipment "ll net'or installation=up installation=upgrades grades 'ithin 'ithin VXG are to #e done in consultation consultation 'ith IT 6anageme 6anagement nt "ll re
'ystems !dministrator Procedures isaster Recovery
The admin administ istra rator tors s of the the %ariou %arious s ma:or ma:or machin machines es in VXG must must ha%e ha%e a contin continge gency ncy strate strategy gy for reco%ering from disasters This typically entails eeping off
%ac+ups
8acups are a critical systems maintenance tas and are often the final recourse after a total systems failure or disaster " complete complete and recent set of of #acups for each each system should should #e ept ept off
IT Policies and Procedures
Page 77
!dministration
>ele%ant security information should #e printed out in real time 'here practical The electronic form should #e checed daily for pro#lems If any a#normalities are found the printed logs should #e referenced to ensure no tampering has taen place The amount of logging performed is to #e assessed #y the rele%ant staff mem#er and should #e #ased on the importance of the machine and 'here it is situated 'ithin VXG net'or "ll unused net'or ser%ices should #e disa#led either in the inetdconf inetdconf file or remo%ing the in%ocation from the applica#le start
Procedure ocumentation
-perations procedures should #e ept in an operations manual or log #oo The primary purpose for this is to allo' the easy re
Recognition of Unauthorised !ctivity
The follo'ing can #e used to assist in the detection of unauthorised acti%ity of a computer system System logging should #e configured on all computer systems "ll system log files should #e checed checed regularly regularly Trip'ire should #e e5ecuted daily on applica#le systems* these systems include #ut are not limited to? ,ire'all hosts and machines used for monitoring and logging of system acti%ities The file system on each system should #e perused regularly #y the system administrators
IT Policies and Procedures
Page 79