I’m a participant in a situation where we are trying to decide how to respond to perceived network security threats.
I’m interested in hearing whether it is more common to put faith in a policy or in the judgement of the individual who perceives the threat.
This was brought into focus by a situation in which a network administrator, acting alone, decided to block an IP based on some observations from the firewall log. Unfortunately, that IP belonged to a customer who was, at the moment, working with another member of the team in trying to resolve some connectivity problems.
Do any of you have a policy on how to respond (e.g., would approval be required before blocking a particular IP), or do you depend on each individual to use good judgement and balance security versus usability in each circumstance?
paul