Presentation is loading. Please wait.

Presentation is loading. Please wait.

Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,

Published byMaximilian Quinn Modified over 9 years ago

Similar presentations

Presentation on theme: "Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,"— Presentation transcript:

1 Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University, for the MSc in IT Security Students. A copy of this presentation is available at http://www.research-series.com/cyril London Metropolitan University

2  Background  Practice  Audit Trail Analysis Overview

3 London Metropolitan University Background

4 Networking and Communications Group Problem Statement To asses the effectiveness of an organisation ability to protect its valued/critical asset:  To asses the effectiveness of an organisation ability to protect its valued/critical asset:  To Evaluate/Examine:  Policy  Processes and Procedures  Operations London Metropolitan University Context Why Security Audit is performed to ensure:  Security Audit is performed to ensure:  Compliance with Standards & Laws  Valued assets are protected  To Recommend:  Improvement and Enforce Controls

5 Practice London Metropolitan University

6 Networking and Communications Group General Concept London Metropolitan University Auditing Security Policy Backup controls Logging & Monitoring Data Protection System and Network Protection Disaster Recovery Compliance Web Usage & Filtering Security Threats Security Vulnerability Business Continuity Physical Access

7 Networking and Communications Group Things to Consider before an Audit?  Who to Use:  Internal Auditor  External Auditor  Type of Audit:  IS Technical: - Minimise Loss/Failure  IS Efficiency: - Minimise Costs and Increase RoI  IS Assessment: - Certification & Compliance  Software Assessment: - Inventory/People/Performance  Information Security: - Verify Compliance/Best Practices.  Guarantee:  Due Care London Metropolitan University

8 Networking and Communications Group  Authority:  ISACA: Information Security Audit & Control Association  Recommend Computer Systems Audit and controls.  Example: COBIT - Control Objectives for Information & related Technology (IT Governance Institute)  Laws:  HIPAA: Health Insurance Portability & Accountability Act  Responsible for ensuring health information are protected and secured.  Protected Health Information (PHI) Guidelines London Metropolitan University

9 Networking and Communications Group  Laws:  GLBA: Gramm-Leach-Bliley Act  Financial Section guideline for IS Controls  Provides Risk Management Controls  CISAA: Corporate Information Security Accountability Act  Information Security Accountability Controls  GAISP – Generally accepted information security principles  CSBIA: California Security Breach Information Act  Disclosure of security breaches  Responsible to: Shareholders, Customers & 3rd parties. Guidelines-2 London Metropolitan University

10 Networking and Communications Group Audit Trail Analysis

11 Networking and Communications Group Security Audit London Metropolitan University Audit How?Who?What?When?Where?Which?

12 Networking and Communications Group  A collection of logged Computer Network Events:  Comprising of –  Operating System,  Application and  User Activities  Example :  Syslog, Sulog, Lastlog and EventViewer Audit Trail Analysis Audit Trail: London Metropolitan University

13 Networking and Communications Group Audit Policy Fig. 1: Event Viewer London Metropolitan University Fig. 2: Audit Policy

14 Networking and Communications Group Data Analysers  Intrusion Detection Systems  Integrity Checks – Example Tripwire  Security Information Management Systems – Example Arcsight & SEC  Accountability Tools – Example RADIUS & Loglogic  Investigation – Security Forensic  Recovery – Business Continuity, Backup Controls London Metropolitan University

15 Sample Event Log – Anonymity~ised London Metropolitan University more./messages | grep backupuser Mar 20 05:21:00 10.0.0.2 Mar 20 2008 04:40:04: %PIX-5-611103: User logged in: Uname: backupuser Mar 20 05:21:22 10.0.0.1 Mar 20 2008 04:45:56: %PIX-6-315011: SSH session from 10.0.0.3 on interface testbackup-mgmt for user "backupuser" Mar 20 05:21:24 10.0.0.2 Mar 20 2008 04:59:59: %PIX-6-109005: Authentication succeeded for user 'backupuser' from 10.0.0.3/24936 to 10.0.0.2/22 on interface testbackup-mgmt Mar 20 05:21:24 10.0.0.2 Mar 20 2008 04:59:59: %PIX-6-605005: Login permitted from 10.0.0.3/24936 to testbackup-mgmt:10.0.0.2/ssh for user "backupuser"

16 Networking and Communications Group Correlation London Metropolitan University Event 1Event 2 Event 3 Incident Fig. 3: Events correlated to an incident h4 h2 h5 h3 h1 Fig. 4: Example of a Port scan incident

17  SEC (Simple Event Correlator)  OS-SIM (Open Source Security Information Management)  PADS (Passive Asset Detection Systems)  SNORT – Open Source IDS  BASE (Basic Analysis Security Engine), E.g. Alert Management Open Source Initiatives  Software  PreventSys – McAfee PreventSys Risk and Compliance Audit  QualysGuard Consultant  Proactive Monitoring Technique: London Metropolitan University

18 Networking and Communications Group Conclusion  Audit for management aims to evaluate:  Policies, practices and operations  For compliance, detection, protection and forensic.  Requires Tools and Techniques  Recommendations:  Periodic security audit to assess if security needs are satisfied  Make contingency, business continuity and disaster recovery plans in case controls fail. London Metropolitan University

19 Networking and Communications Group Resources/References 1.CEE: Common Event Expression http://cee.mitre.org/http://cee.mitre.org/ 2.PreventSys - http://www.mcafee.com/us/enterprise/products/risk_management/index.html http://www.mcafee.com/us/enterprise/products/risk_management/index.html 3.QualysGuard Consultant - http://www.qualys.com/partners/qgcon/http://www.qualys.com/partners/qgcon/ 4.CAPEC: Common Attack Pattern Enumeration and Classification http://capec.mitre.org/data/index.html http://capec.mitre.org/data/index.html 5.ATFG: Audit Trails Format Group http://www.cerias.purdue.edu/about/history/coast/projects/audit-trails-format.html http://www.cerias.purdue.edu/about/history/coast/projects/audit-trails-format.html 6.SEC: Simple Event Correlator - http://kodu.neti.ee/~risto/sec/http://kodu.neti.ee/~risto/sec/ 7.BASE: Basic Analysis and Security Engine - http://base.secureideas.net/screens.php http://base.secureideas.net/screens.php 8.ISACA – www.isaca.orgwww.isaca.org 9.COBIT – www.isaca.org/cobitwww.isaca.org/cobit 10.HIPAA - http://www.hipaa.org/http://www.hipaa.org/ London Metropolitan University

20 Networking and Communications Group Question & Answer Thank-You Author’s Contact: cyril@research-series.com A copy of this presentation is available at: http://www.research-series.com/cyril London Metropolitan University

Download ppt "Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,"

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
BalaBit Shell Control Box

BalaBit Shell Control Box
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Control and Accounting Information Systems

Control and Accounting Information Systems
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Forensic and Investigative Accounting

Forensic and Investigative Accounting
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.
University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.

University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Compliance: A Traditional Risk-Based Audit Approach GR-ISSA Lloyd Guyot, MCS GSEC Sarbanes-Oxley USA PATRIOT Act Gramm-Leach-Bliley … more November, 2005.

Compliance: A Traditional Risk-Based Audit Approach GR-ISSA Lloyd Guyot, MCS GSEC Sarbanes-Oxley USA PATRIOT Act Gramm-Leach-Bliley … more November, 2005.

Similar presentations

Ads by Google