Manualshelf

User guide

ManualsBrandsAdash ManualsComputer equipment3600-MPX
919293949596979899100
iGuard/inSight User Guide
Release 7.0.0.4
89
Electronic Risk Modules (ERMs)
ERMs Electronic Risk Modules refer to packages of standard policies available on your system.
Each ERM is made up of a collection of related rules that monitor a specific type of activity on your
network. The default policy set is listed under the Policies tab.
ERMs are related to specific areas of business practices or unique industry niches.
For example, medical facilities may use an ERM implementing HIPAA regulations and other rules
relating to medical privacy, while accounting companies institutions may use policies ensuring
compliance with regulatory instruments like Sarbanes-Oxley.
By contrast, a pharmaceutical company may not use ERMs at all. Custom policies may be needed
to secure its patents and unique intellectual property.
Custom Policies
Standard policies (also known as Electronic Risk Modules) may not address all of the issues you
have on your network.
If so, you can create new policies from scratch, or you can open an existing policy and use it as a
template.
Note: Standard policies belong to administrators, but custom policies belong to the person who
created them.
Because custom policies are private by default, the creator should assign access rights to them
right away to make sure they are accessible to the intended users.
What is Activation?
If a policy or rule is in an Active state, that means that the data flagged by the rules will be
reported whenever there is a matching condition ("Hit").
If a policy or rule is Inactive, the capture engine is still using it to find data, but hits are not
reported.
The Inherit Policy State setting determines the activation relationship between a policy and its
rules.
Policy-Based Activation
Unlike the rule-based model, the policy-based activation model makes it possible to use the policy
as a single entity, eliminating the need to manage individual rules.
All standard policies shipped with iGuard have inheritance is enabled by default. It can only be
disabled at the rule level by changing the Inherit Policy State.
If a rule under a standard policy is to be tuned, its inheritance state must be Disabled until the
new definition of the rule is finalized. When tuning is complete, the inherit state is restored to
Enabled.
Activation and Inheritance
Policies and rules can be either Active or Inactive. Rules also have an inheritance state, which
defines a rule's relationship to its policy's state.