Security Audit. What is a security audit? Policy based Assessment of risk Examines site methodologies and practices Dynamic Communication.


1 Security Audit

2 What is a security audit? Policy based Assessment of risk Examines site methodologies and practices Dynamic Communication

3 Audit versus Logging What are the differences?

4 Audit Components Logger Analyzer Notifier

5 What kinds of Security Audits are there? Host Firewall Networks Large networks

6 Security Policies & Documentation What is a security policy? Components Who should write it? How long should it be? Dissemination It walks, it talks, it is alive.. RFC 1244 What if a written policy doesn't exist? Other documentation

7 Components of a Security Policy Who can use resources Proper use of the resources Granting access & use System Administrator privileges User rights & responsibilities What to do with sensitive information Desired security configurations of systems

8 RFC 1244 - "Site Security Handbook" Defines security policies & procedures Policy violations Interpretation Publicizing Identifying problems Incident response Updating

9 Other Documentation Hardware/software inventory Network topology Key personnel Emergency numbers Incident logs

10 Why do a Security Audit? Information is power Expectations Measure policy compliance Assessing risk & security level Assessing potential damage Change management Security incident response

11 When to audit? Emergency! Before prime time Scheduled/maintenance

12 Audit Schedules Individual Host: 12-24 months; Large Networks: 12-24 months; Network: 12 months; Firewall: 6 months

13 Design Audit How to log? What to log? What will be the syntax? How to sanitize the logs?

14 How to do a Security Audit Pre-audit: verify your tools and environment Audit/review security policy Gather audit information Generate an audit report Take actions based on the report's findings Safeguard data & report

15 Verify your tools and environment The golden rule of auditing Bootstrapping problem Audit tools The Audit platform

16 The Golden Rule of Auditing Verify ALL tools used for the audit are untampered with. If the results of the auditing tools cannot be trusted, the audit is useless

17 The Bootstrapping Problem If the only way to verify that your auditing tools are ok is by using auditing tools, then..

18 Audit Tools - Trust? Write them yourself Find a trusted source (person, place) Verify them with a digital signature (MD5)
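One way to apply the golden rule from slides 16 to 18 before an audit starts, as an added example that is not part of the original presentation: check every tool in the audit toolkit against a manifest of known-good digests and flag anything modified, missing or unlisted. It uses SHA-256 rather than the MD5 the slide names, because MD5 is no longer collision resistant; the manifest format, the function names and the stand-in tool files are assumptions made for the example, and the manifest and interpreter are assumed to come from trusted read-only media.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_manifest(text):
    """Parse 'HEXDIGEST  relative/path' lines (assumed sha256sum-style format)."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.strip().partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"manifest line {n} is malformed")
        entries[name] = digest.lower()
    return entries

def verify_tools(manifest_text, tool_dir):
    """Return {name: 'ok' | 'modified' | 'missing' | 'unlisted'} for a toolkit directory."""
    expected, root, result = parse_manifest(manifest_text), Path(tool_dir), {}
    for name, digest in expected.items():
        path = root / name
        if not path.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if sha256_file(path) == digest else "modified"
    # A file the manifest does not list is untrusted too.
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in expected:
            result[rel] = "unlisted"
    return result

def demo():
    """Constructed sample: stand-in files, changed after the manifest was recorded."""
    with tempfile.TemporaryDirectory() as d:
        root, names = Path(d), ("lsof", "nmap", "tcpdump")
        for n in names:
            (root / n).write_bytes(b"constructed stand-in for " + n.encode())
        manifest = "\n".join(f"{sha256_file(root / n)}  {n}" for n in names)
        (root / "nmap").write_bytes(b"changed after the manifest was made")
        (root / "tcpdump").unlink()
        (root / "extra").write_bytes(b"never listed")
        return verify_tools(manifest, root)

if __name__ == "__main__":
    print(sorted(demo().items()))
```

Any status other than `ok` means the toolkit should be rebuilt from the trusted source before the audit proceeds.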

19 Audit Tools - the Hall of Fame SAINT/SATAN/ISS Nessus lsof /pff Nmap, tcpdump, ipsend MD5/DES/PGP COPS/Tiger Crack

20 Audit/review security policy Utilize existing or use "standard" policy Treat the policy as a potential threat Does it have all the basic components? Are the security configs comprehensive? Examine dissemination procedures

21 Security policy Treat the policy as a potential threat Bad policies are worse than none at all Good policies are very rare Look for clarity & completeness Poor grammar and spelling are not tolerated

22 Gather audit information Talk to/Interview people Review Documentation Technical Investigation

