Network and Telecommunications Audit


1 Network and Telecommunications Audit
Revised in 2014

2 Why do we need to audit the network?
- Proliferation of computers
- Increased integration of systems
- Ramifications of network failure
CISB424, Sulfeeza

3 Network Vulnerabilities
Three (3) primary areas in which a network may be seen as vulnerable:
- Interception of data transmitted over the network
- Availability of communications for operations
- Unauthorized access through entry points

4 Network Vulnerabilities

5 Risks related to failures in network security
- Loss of reputation
- Loss of confidentiality
- Loss of information integrity
- User authentication failure
- System unavailability

6 1. Loss of Reputation

7 1. Loss of Reputation

8 Controls that can be implemented to reduce the risks of network failure
Interception of data:
- Good physical and logical security of network infrastructure and equipment (e.g., firewall)
- Encryption (e.g., digital certificate, digital signature)

9 Controls that can be implemented to reduce the risks of network failure
Availability of communications:
- Good network architecture and monitoring.
- The aim is to ensure that between every resource and an access point there are redundant paths, with automatic routing that switches traffic to an available path (in case of communication failure) without loss of data or time.
- Every component in the network needs to be fault-tolerant or built with suitable redundancies.
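An added example (not part of the original slides) of how an auditor could test the redundancy requirement above against a network diagram: it reports every device or link whose loss would cut a resource off from all access points. The topology, device names and function names are constructed for illustration.

```python
from collections import deque

# Constructed sample topology (an assumption, not taken from the slides).
LINKS = [
    ("gw", "core1"), ("gw", "core2"),
    ("core1", "sw1"), ("core2", "sw1"),
    ("core1", "sw2"),
    ("sw1", "db"), ("sw2", "files"),
]
ACCESS_POINTS = {"gw"}
RESOURCES = {"db", "files"}

def reachable(links, start, targets, removed_node=None):
    """BFS: can `start` reach any node in `targets` when `removed_node` is down?"""
    adj = {}
    for a, b in links:
        if removed_node in (a, b):
            continue  # a failed device takes all of its links with it
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node in targets:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, resources, access_points):
    """Map each resource to the devices and links whose loss isolates it."""
    nodes = {n for link in links for n in link}
    findings = {}
    for res in sorted(resources):
        bad = []
        # Fail each intermediate device in turn.
        for node in sorted(nodes - {res} - access_points):
            if not reachable(links, res, access_points, removed_node=node):
                bad.append(("device", node))
        # Fail each link in turn.
        for link in links:
            rest = [l for l in links if l != link]
            if not reachable(rest, res, access_points):
                bad.append(("link", link))
        if bad:
            findings[res] = bad
    return findings
```

An empty result means every resource survives any single device or link failure; each entry is an audit finding to raise against the network diagram.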

10 Controls that can be implemented to reduce the risks of network failure
Unauthorized access:
- Limit the type of traffic that can come in or go out of the network
- Limit the origin and destination of the traffic (may allow traffic only from systems with specific addresses)
- Install appropriate intrusion-detection systems

11 Auditing Network Security
Steps for IT auditors:
- What is the network?
- What are the critical information assets in the network?
- Who has access?
- What are the connections to the external network?

12 Auditing Network Security
What is the network?
- Review the extent of the network by examining the network diagram
- Assess the adequacy and accuracy of the network diagram
- Ascertain what processes exist to update and maintain the network diagram

13 Auditing Network Security
What are the critical information assets in the network?
- Identify the critical assets, systems and services that need to be secured
- Assess whether systematic risk assessment is adopted

14 Auditing Network Security
Who has access?
- Identify who has access and for what purpose
- Assess the adequacy of the access privileges given
- Assess the impact of the access privileges given on network security

15 Auditing Network Security
What are the connections to the external network?
- Assess the security impact of connections to the external network

16 Social Engineering
Example of one of the common threats to network security.
Definitions:
- Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information (Source:
- Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures (Source:

17 Common social engineering attacks
- from a friend
- Phishing attempts
- Baiting scenarios
- Creating distrust
- Social Engineering tips

18 A Sample Case
In 2007, a mystery man who remains at large burgled safety deposit boxes at an ABN Amro bank in Belgium, stealing diamonds and other gems weighing 120,000 carats, in all. He visited the bank during regular business hours, overcame all of the bank's exceptional security mechanisms, and walked right out the door with €21 million (roughly $27.9 million at the time) worth of gemstones with no one the wiser, using absolutely no technology whatsoever.
"He used one weapon -- and that is his charm -- to gain confidence," Philip Claes, spokesman for the Diamond High Council, said at the time. "He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were.
"You can have all the safety and security you want," said Claes, "but if someone uses their charm to mislead people it won't help."

