I need your team to draft monitoring procedures for C-Bay's network.

Please be sure to include instructions for defining normal system function and network activity: i.e., set “characterizations.” These will prove essential for our intrusion detection and analysis tools to differentiate and separate suspicious behavior from normal system and network activity.

Remember that a company of C-Bay's size is not yet large enough to implement a reactive policy where employees can continuously monitor all suspicious activity, so your procedures need to focus on a more proactive approach. This is where characterizations of normal system and network activity will play a particularly important role.

What I'd like to see at the end of the week is a set of practical, easy-to-follow monitoring procedures for C-Bay. Also, keep in mind that we'll be using these procedures to assess our needs for purchasing intrusion detection tools and software.

Thanks,
IT Director