Summer Regulatory Summit eBook

1. Firewalls – Reporting and Monitoring

o The Organization should work with the Managed Service Provider to receive firewall reports to ensure management oversight of the network is adequate. o Any significant concerns should be presented and discussed at the IT Committee. o Creating baseline metrics and measurables around network activity is the first step and should involve key risk indicators to give the Organization insight into anomalies and suspicious activities on the network. o The Organization's firewall rules should be audited or verified at least quarterly, and a report presented to the IT Committee.

RECOMMENDATION

© SBS CyberSecurity, LLC www.sbscyber.com

4