Intrusion detection policy
All modern enterprises must accept that at some point their systems or networks will very likely experience an unauthorized intrusion of some kind. This is the state of the world’s current security environment, and for the most part enterprises, especially well-managed ones, have come to terms with this fate while doing their best to reduce risks and prepare to handle such security incidents.
A clear and concise plan of action will help counteract any intrusion into an enterprise network and mitigate potential damage. This sample policy establishes guidelines and procedures your organization can follow when your computer network is compromised.
From the policy:
The purpose of this policy is to establish guidelines for how network intrusions will be detected and to establish procedures for reacting to and remediating these threats, as well as efforts to mitigate these threats in the future.
This policy applies to all company-owned systems, networks, servers, and devices, all employee-owned devices used to conduct business operations, and all employees and contractors who monitor the network or servers for intrusions or who investigate/resolve intrusion issues.