Part 1: Corporate Operational benefits, Non-technical information for FSOs and ISSMs/ISSOs Part 2: Technical Tips on how to conduct a better audit review.

Presentation transcript:

Enhancing Information Security & IT Governance through a robust IS Auditing Program
Jose Neto - CISSP, PMP, GPEN, CASP, CompTIA SME

- Protecting your most valuable asset.
- What is IT Governance?
- How intense should my auditing efforts be?
- Quality audit reviews vs quick-glance reviews
- Auditing tools, auditing scripts and other automation techniques.
- Questions/Feedback
- Glossary

Protecting your most valuable asset
In our current information age, what would you consider the most coveted or valuable asset?
Proprietary, Intellectual, and Classified Information
Over the past 12 months virtually every industry sector has been hit with some type of cyber threat.

Entertainment Industry Food Service Industry Retail Office Supplies Financial Health Care Academia Travel – Airlines Social Connectivity Exchanges Defense Contractors Commercial Exploits

$7.1 Billion in 2014 (Gartner) 8.2% growth to reach $76.9 Billion Global IT Security Spending Security countermeasures Firewalls IDS/IPS Security Software Network security appliances

Collecting SBI (Security Business Intelligence)
The implementation of these network security appliances will reduce the attack surface, but will not provide SBI without a comprehensive Information Systems Audit program.

Misconception of IS Auditing

Business Challenge
1. Identify the need to protect information
2. Determine the proper access level for administrators and users
3. Implement and enforce the resulting policy
4. Monitor the information collected

What exactly is Auditing and IS Auditing?
Information Systems Audit refers to any audit that encompasses wholly or partly the review and evaluation of automated information processing systems, related non-automated processes and the interfaces among them.

IT Governance, Risk and IS Auditing
Ensuring an enterprise’s strategic objectives are not jeopardized by IT failures.

Proper log configuration
The first step begins with the proper configuration management of the system’s log settings. Having access to event information will provide the ability to discover and investigate suspicious system, security or application activity. The success of the IS Audit program will depend on the quality of the analysis and review of the logs.

NIST Objectives for Audit Trails
- Individual accountability: alerting users that they are personally accountable for their actions.
- Reconstruction of events: this can be used to troubleshoot problems and determine if the problem was triggered by the user or the system.
- Intrusion detection: this refers to the process of identifying attempts to penetrate a system or gain unauthorized access.

The need for auditing
No matter how small or how complex a system is, how can you be certain of and confident in your security program unless someone is properly monitoring it?

Comprehensive IS Auditing
- Audit account logon events
- Audit account management
- Audit directory service access
- Audit object access
- Audit policy change
- Audit privilege use
- Audit process tracking
- Audit system events

Event Comb MT
Event Comb MT (Windows 2003/2008 environments): collect and parse Windows events from multiple event logs on different computers.

PowerShell (Windows 2003/7/2008 environments)
Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework.

    # Get all Security events
    Get-EventLog security

    # Windows 2008: account lockout events (Event ID 4740)
    Get-EventLog -log Security | ? EventID -EQ 4740

    # Windows 2003: account lockout events (Event ID 644)
    Get-EventLog -log Security | ? EventID -EQ 644

Log Parser and Log Parser Studio
Free Microsoft tool to collect and filter events in an SQL-like environment. The tool also has the ability to create reports and graphic charts.

Advanced Auditing tips & tricks
- Check for Event ID in the “system log” instead of the “security log”, because the account lockout threshold is not applicable to the default administrator account.
- Check for Event ID 627 “Change password attempt”. Ensure that the Primary Account Name and the Target Account Name are the same; otherwise this represents a third party attempting to change credentials.
- Check for Event ID 628 “User account password reset”. This records the reset of a password through an administrative interface such as Active Directory.

Advanced Auditing tips & tricks continued..
- Check for Event ID 624 “Creating a user account”. Monitor that only authorized individuals create new accounts.
- Check for Event ID 642 “Changing a user account”. Monitor that only authorized individuals can modify security-related properties.
- Check for Event ID 576 “Special Privileges assigned to new logon”. Monitor this ID for new sessions that possess administrator level access.
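
The checks from the two "Advanced Auditing tips & tricks" slides, written as one triage function. This is an added example, not part of the original presentation: the records are constructed sample data, and the field names (Primary, Target), the allow-list and the function name Get-AuditFinding are assumptions.

```powershell
# Constructed sample records, not real log output. EventID values are the
# Windows 2003 IDs named on the slides; Primary/Target are assumed field names.
$Authorized = @('CORP\helpdesk1', 'CORP\idm-svc')   # hypothetical allow-list

$Records = @(
    [pscustomobject]@{ Time='2015-03-02 08:14'; EventID=627; Primary='CORP\asmith';    Target='CORP\asmith' }
    [pscustomobject]@{ Time='2015-03-02 08:31'; EventID=627; Primary='CORP\bjones';    Target='CORP\asmith' }
    [pscustomobject]@{ Time='2015-03-02 09:02'; EventID=628; Primary='CORP\helpdesk1'; Target='CORP\cwhite' }
    [pscustomobject]@{ Time='2015-03-02 09:40'; EventID=624; Primary='CORP\bjones';    Target='CORP\tempuser' }
    [pscustomobject]@{ Time='2015-03-02 09:41'; EventID=642; Primary='CORP\idm-svc';   Target='CORP\cwhite' }
    [pscustomobject]@{ Time='2015-03-02 10:05'; EventID=576; Primary='CORP\bjones';    Target='' }
)

function Get-AuditFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Record,
        [string[]] $AllowList = @()
    )
    foreach ($r in $Record) {
        $finding = switch ($r.EventID) {
            # 627: the account changing the password must be the account being changed
            627 { if ($r.Primary -ne $r.Target) { 'Password change attempted on another account' } }
            # 628: administrative resets are always listed for review
            628 { 'Administrative password reset: confirm it was requested' }
            # 624 / 642: only allow-listed accounts may create or modify accounts
            { $_ -in 624, 642 } {
                if ($r.Primary -notin $AllowList) { 'Account created or changed by non-authorized account' }
            }
            # 576: every privileged logon is listed so the reviewer can confirm it
            576 { 'Special privileges assigned to new logon: confirm admin session is expected' }
        }
        if ($finding) {
            [pscustomobject]@{
                Time = $r.Time; EventID = $r.EventID
                Primary = $r.Primary; Target = $r.Target; Finding = $finding
            }
        }
    }
}

Get-AuditFinding -Record $Records -AllowList $Authorized | Format-Table -AutoSize
```

On a live system the records would come from the Get-EventLog queries shown earlier, after mapping each event's account fields onto Primary and Target.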

Questions?