Auditing for Security Management
By Cyril Onwubiko, Network Security Analyst at COLT Telecom
Invited Guest Lecture delivered at London Metropolitan University

Auditing for Security Management. By Cyril Onwubiko, Network Security Analyst at COLT Telecom. Invited Guest Lecture delivered at London Metropolitan University for the MSc in IT Security students. A copy of this presentation is available at London Metropolitan University.

Overview
- Background
- Practice
- Audit Trail Analysis

Background

Networking and Communications Group

Problem Statement
- To assess the effectiveness of an organisation's ability to protect its valued/critical assets
- To evaluate/examine:
  - Policy
  - Processes and procedures
  - Operations

Context: Why
- A security audit is performed to ensure:
  - Compliance with standards and laws
  - Valued assets are protected
- To recommend:
  - Improvements, and to enforce controls

Practice

General Concept
Areas covered when auditing a security policy:
- Backup controls
- Logging and monitoring
- Data protection
- System and network protection
- Disaster recovery
- Compliance
- Web usage and filtering
- Security threats
- Security vulnerability
- Business continuity
- Physical access

Things to Consider before an Audit
- Who to use:
  - Internal auditor
  - External auditor
- Type of audit:
  - IS Technical: minimise loss/failure
  - IS Efficiency: minimise costs and increase RoI
  - IS Assessment: certification and compliance
  - Software Assessment: inventory/people/performance
  - Information Security: verify compliance/best practices
- Guarantee:
  - Due care

Networking and Communications Group  Authority:  ISACA: Information Security Audit & Control Association  Recommend Computer Systems Audit and controls.  Example: COBIT - Control Objectives for Information & related Technology (IT Governance Institute)  Laws:  HIPAA: Health Insurance Portability & Accountability Act  Responsible for ensuring health information are protected and secured.  Protected Health Information (PHI) Guidelines London Metropolitan University

Networking and Communications Group  Laws:  GLBA: Gramm-Leach-Bliley Act  Financial Section guideline for IS Controls  Provides Risk Management Controls  CISAA: Corporate Information Security Accountability Act  Information Security Accountability Controls  GAISP – Generally accepted information security principles  CSBIA: California Security Breach Information Act  Disclosure of security breaches  Responsible to: Shareholders, Customers & 3rd parties. Guidelines-2 London Metropolitan University

Audit Trail Analysis

Security Audit
Audit: How? Who? What? When? Where? Which?

Networking and Communications Group  A collection of logged Computer Network Events:  Comprising of –  Operating System,  Application and  User Activities  Example :  Syslog, Sulog, Lastlog and EventViewer Audit Trail Analysis Audit Trail: London Metropolitan University

Audit Policy
Fig. 1: Event Viewer
Fig. 2: Audit Policy

Data Analysers
- Intrusion detection systems
- Integrity checks, e.g. Tripwire
- Security information management systems, e.g. ArcSight and SEC
- Accountability tools, e.g. RADIUS and LogLogic
- Investigation: security forensics
- Recovery: business continuity, backup controls

Sample Event Log (anonymised)

    more ./messages | grep backupuser
    Mar 20 05:21: Mar :40:04: %PIX : User logged in: Uname: backupuser
    Mar 20 05:21: Mar :45:56: %PIX : SSH session from on interface testbackup-mgmt for user "backupuser"
    Mar 20 05:21: Mar :59:59: %PIX : Authentication succeeded for user 'backupuser' from /24936 to /22 on interface testbackup-mgmt
    Mar 20 05:21: Mar :59:59: %PIX : Login permitted from /24936 to testbackup-mgmt: /ssh for user "backupuser"

Correlation
Fig. 3: Events correlated to an incident (Event 1, Event 2, Event 3 -> Incident)
Fig. 4: Example of a port scan incident (hosts h1 to h5)
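As an added illustration of the two preceding slides (searching an audit trail such as the firewall messages file, then correlating single events into an incident like the port scan of Fig. 4), the following Python is example code written for this page, not the lecturer's or any vendor's tool. The log lines, the simplified "PIX: Deny" line format and the window/threshold values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (hypothetical line format, not the lecture's real PIX log):
# one host probing several ports on one target, plus a second host as unrelated noise.
SAMPLE_LOG = """\
Mar 20 05:21:04 fw1 PIX: Deny tcp src 10.0.0.5/41000 dst 192.0.2.10/21
Mar 20 05:21:05 fw1 PIX: Deny tcp src 10.0.0.5/41001 dst 192.0.2.10/22
Mar 20 05:21:05 fw1 PIX: Deny tcp src 10.0.0.9/50200 dst 192.0.2.10/22
Mar 20 05:21:06 fw1 PIX: Deny tcp src 10.0.0.5/41002 dst 192.0.2.10/23
Mar 20 05:21:07 fw1 PIX: Deny tcp src 10.0.0.5/41003 dst 192.0.2.10/25
Mar 20 05:21:09 fw1 PIX: Deny tcp src 10.0.0.5/41004 dst 192.0.2.10/80
Mar 20 07:15:30 fw1 PIX: Deny tcp src 10.0.0.5/41500 dst 192.0.2.10/443
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ PIX: Deny tcp "
                     r"src (?P<src>[\d.]+)/\d+ dst (?P<dst>[\d.]+)/(?P<dport>\d+)$")

def parse_events(text, year=2024):
    """Parse syslog lines into sorted (timestamp, src, dst, dport) events; skip non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog lines carry no year, so one is assumed for timestamp parsing
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["dst"], int(m["dport"])))
    return sorted(events)

def correlate_port_scans(events, window=timedelta(seconds=60), min_ports=4):
    """Correlate deny events into incidents: one source hitting at least min_ports
    distinct ports on one destination inside a sliding time window (Fig. 3/Fig. 4)."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst)].append((ts, dport))
    incidents = []
    for (src, dst), hits in by_pair.items():
        start, current = 0, None
        for end, (ts, dport) in enumerate(hits):
            while ts - hits[start][0] > window:  # drop hits older than the window
                start += 1
            if current and ts - current["first"] <= window:
                current["last"], current["ports"] = ts, current["ports"] | {dport}
                continue  # still the same incident: extend it instead of raising a new one
            current = None
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                current = {"src": src, "dst": dst, "first": hits[start][0], "last": ts, "ports": ports}
                incidents.append(current)
    for inc in incidents:
        inc["ports"] = sorted(inc["ports"])
    return incidents
```

Running `correlate_port_scans(parse_events(SAMPLE_LOG))` reports one incident for 10.0.0.5 against 192.0.2.10 covering ports 21, 22, 23, 25 and 80; the single 10.0.0.9 deny and the isolated 07:15 event stay below the threshold.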

Proactive Monitoring Technique
- Open source initiatives:
  - SEC (Simple Event Correlator)
  - OS-SIM (Open Source Security Information Management)
  - PADS (Passive Asset Detection System)
  - SNORT: open source IDS
  - BASE (Basic Analysis and Security Engine), e.g. alert management
- Software:
  - PreventSys: McAfee PreventSys Risk and Compliance Audit
  - QualysGuard Consultant

Conclusion
- Audit for management aims to evaluate:
  - Policies, practices and operations
  - For compliance, detection, protection and forensics
  - Requires tools and techniques
- Recommendations:
  - Periodic security audits to assess whether security needs are satisfied
  - Make contingency, business continuity and disaster recovery plans in case controls fail

Resources/References
1. CEE: Common Event Expression
2. PreventSys
3. QualysGuard Consultant
4. CAPEC: Common Attack Pattern Enumeration and Classification
5. ATFG: Audit Trails Format Group
6. SEC: Simple Event Correlator
7. BASE: Basic Analysis and Security Engine
8. ISACA
9. COBIT
10. HIPAA

Question & Answer
Thank you
Author's contact:
A copy of this presentation is available at: London Metropolitan University