Information System Security. Nguyen Ho Minh Duc, M.Sc

Transcription

1 Information System Security Nguyen Ho Minh Duc, M.Sc

2 2 Lecture 04 AUDITING, TESTING AND MONITORING

3 Topics What security auditing and analysis are How to define your audit plan What auditing benchmarks are How to collect audit data What post-audit activities you need to perform How to perform security monitoring Which types of log information you should to capture How to verify security controls How to monitor and test your security systems 3

4 Goals Describe the practices and principles of systems audits Review ways to monitor systems, including log management and use of an instrusion detection system (IDS) or intrusion prevention system (IPS) Set metrics for system performance Assess an organization's security compliance 4

5 1. Security Auditing and Analysis The purpose of a security audit is to make sure your systems and security controls work as expected When reviewing your systems, you should check for the following: Are security policies sound and appropriate for the bussiness or activity? Are there controls supporting your policies? Is there effective implementation and upkeep of controls? 5

6 1.2 Security Controls Address Risk 6 Security controls place limits on activities that might pose a risk to your organization review security regularly to make sure your controls are current and effective. Security review includes the following activities: Monitor review and measure all controls to capture actions and changes on the system. Audit revew the logs and overall environment to provide independent analysis of how well the security policy and controls work Improve include proposals to improve the security program and controls in the audit results Secure ensure that the controls work and protect the intended level of security

7 1.2 Security Controls Address Risk 7 The security review cycle

8 1.3 Areas of Security Audits Review of your security policy to ensure it is up to date, relevant, communicated, and enforced test whether users or customers accept the controls test how well your infrastructure protects your application's data Audit all your organization's firewall and other network devices to ensure they function as intended and that their configurations comply with your security policy Audits can test the technologies themselves 8

9 2. Defining your Audit Plan Define the objectives and detemine which systems or business process to review Define which areas of assurance to check Identify the personnel who will participate in the audit Include a review of previous audits to become familiar with past issues 9

10 2.1 Defining the Scope of the Plan 10

11 3. Auditing Benchmarks A benchmark is the standard by which your system is compared to determine whether it is securely configured ISO ITIL Information Technology Infrastructure Library... 11

12 12

13 Areas of Security Audits 13

14 Post-Audit Activities Exit interviews Data analysis Generation of the audit report Findings Recommendations Timeline for implementation Level of risk Management Response Follow-up Presentation of findings to management 14

15 4. Security Monitoring Security monitoring systems might be technical in nature, such as an intrusion detection system (IDS) Some tools and techniques for security monitoring: Baselines Alarms Closed-circuit TV Systems that spot irregular behavior 15

16 4.1 Security Monitoring for Computer Systems Real-time monitoring Host IDS System integrity monitoring Non-real-time monitoring Application logging System logging 16

17 17

18 IDS 18

19 Layered Defense: Network Access Control 19

20