Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Similar presentations


Presentation on theme: "Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth."— Presentation transcript:

1 Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth Kearney-Lang Daureen Lingley-Chor

2 Selected Topics: The two areas of interest our team chose are: Firewall Management and Intrusion Detection, Intrusion Prevention Security Information Management – complement each other well – focusing on the safeguarding of company assets

3 Control Objectives Security Information Management: To control access to the Information Systems to prevent unauthorized use and to restrict authorized use. To ensure proper controls are in place to ensure data and system availability in order for the Information Systems to fully support the organization’s objectives.

4 Control Objectives Firewall Management and Intrusion Detection, Intrusion Prevention To ensure preventative, detective, and corrective measures are in place and working as intended to protect the Information System from intrusion. To ensure proper controls are in place to safeguard assets and prevent, detect and mitigate fraudulent activity.

5 Research Our research began with An Introduction to Computer Security: The NIST Handbook National Institute of Standards and Technology Special Publications: – SP 800-41 Revision 1 entitled Guidelines on Firewalls and Firewall Policy, – SP 800-61 Revision 1 entitled Computer Security Incident Handling Guide, – SP 800-94 entitled Guide to Intrusion Detection and Prevention Systems.

6 Research Collaboration: wikispaces Warious vendor website White Papers

7 Control for Firewall Management, Intrusion Detection & Prevention Implement and enforce Back-up Procedure – Category: Procedure – Type: General, Secondary, Corrective – Control Benefit: Up-to-date back-up if needed – Adverse Impact: Unnecessary extended downtime

8 Control Evidence In Place: Written documentation of procedure, documentation readily available in hardcopy or online. In Effect: All data will be properly backed up, personnel responsible for back-up procedure will have knowledge of procedure and documentation of all back-ups that occur.

9 Audit Steps In Place: Review written documentation of procedure and search for online copy. In Effect: Test and verify the existence of back- up data stores. Interview employees to determine responsibilities and accountable party.

10 Control for Security Information Management Written Acceptable Use Policy with required signature of employee – Category: Legal – Type: General, Secondary, Preventative – Control Benefit: Ensures employee knowledge of and responsibility to properly safeguard the system. – Adverse Impact: Lack of knowledge and responsibility would create usage problems and security issues

11 Control Evidence In Place: Documented Policy, documents with employees’ signatures. In Effect: Understanding of policy by employees, file of signed policies will exist.

12 Audit Steps In Place: Review documentation of policy and check for signatures of all active employees. In Effect: Interview employees and review file of signed policies.

13 Image Polymers Company, LLC Covisia Solution, Inc. Test of controls

14 Best Practices for the AUP Explain employee rights and monitoring expectations Educate employees on legal issues State the consequences of noncompliance Ensure that all the employees are informed about the AUP

15 Acceptable Use Policy The System, including the email system and Internet connections, is the property of the Company. Each employee is responsible for the use of the System and for observing all laws. In the event that any employee is found to have improperly used the System, he or she is subject to disciplinary action, up to and including immediate dismissal.

16 Acceptable Use Policy The company may review the following at its discretion: History of sent and received email by employees Contents of sent and received email by employees History of access to the WWW by employees Contents viewed by employees Time spent by employee on the www Voicemail messages

17 Challenge Audit Work Program

18 Questions?


Download ppt "Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth."

Similar presentations


Ads by Google