Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Day 10 - Identification: Using Your Help Desk to Identify Security Incidents SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Day 10 - Identification: Using Your Help Desk to Identify Security Incidents

For the tenth day of Cyber Security Awareness Month we remind our readers that one of the best ways to identify problems in your network is to let your employee or customer help desk be the equivalent of a "human intrusion detection system".  When they get more than two or three calls about the same problem, the help desk should be notifying the security team about what is going on.  It might not be an incident that needs handling, but it's definitely an event that deserves watching.

Do you have a good relationship with your help desk staff?  Do you include them in your security planning and preparation, especially as potential sources of information about the security posture of your networks?  What steps have you taken to train your organization's help desk to recognize emerging security incidents?

Send us your ideas and comments via our contact form and we'll add them to this diary throughout the day.

Marcus H. Sachs
Director, SANS Internet Storm Center

Marcus

301 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!