Security Audit


Presentation Transcript


1. Security Audit

2. Security Audit
   • Controls
   • Security logs
   • Risk assessment

3. Steps in Audit
   • Starts with policies and procedures in place
   • Initially the policy is treated as a threat, and the audit focuses on how people and systems address the threat
   • Interview employees and administrators
   • Evaluate technical aspects for security
   • Review all data logs

4. What to look for in audit?
   • Are passwords difficult to crack?
   • Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
   • Are there audit logs to record who accesses data?
   • Are the audit logs reviewed?
   • Are the security settings for operating systems in accordance with accepted industry security practices?
   • Have all unnecessary applications and computer services been eliminated for each system?
   • Are these operating systems and commercial applications patched to current levels?
   • How is backup media stored? Who has access to it? Is it up-to-date?
   • Is there a disaster recovery plan? Have the participants and stakeholders ever rehearsed the disaster recovery plan?

5. What to look for in audit?
   • Are there adequate cryptographic tools in place to govern data encryption, and have these tools been properly configured?
   • Have custom-built applications been written with security in mind?
   • How have these custom applications been tested for security flaws?
   • How are configuration and code changes documented at every level?
   • How are these records reviewed and who conducts the review?

6. Why do a security audit?
   • Assess compliance aspects of policy
   • Assess risk
   • Assess level of security
   • Evaluate security incident response

7. Items to check in an audit

8. Security Tools

9. Audit components
   • Preparation: 10%
   • Reviewing Policy/Docs: 10%
   • Talking/Interviewing: 10%
   • Technical Investigation: 15%
   • Reviewing Data: 20%
   • Writing Up: 20%
   • Report Presentation: 5%
   • Post Audit Actions: 10%
   Source: Tech Support Alert website (see references)

10. Audit Process
   • Security audit team reports directly to CEO or the Board of Directors
   • Types of security audits:
       • Firewall (every 6 months)
       • Network (every year)

11. Auditors
   • Usually third party companies specializing in security audit
   • For internal audit, people with necessary security access privileges
   • Technical expertise is a must

12. References
   • Security Audit. http://www.porcupine.org/auditing/
   • Security Audit. http://www.securityfocus.com/infocus/1697
   • How to perform security audit? http://www.techsupportalert.com/search/t04123.pdf
   • Site Security Handbook. RFC 2196

13. References
   • packetstorm.security.com: PacketStorm Security is a very good source of the latest security issues.
   • www.rootshell.com: Rootshell is another source of security issue information. This site hasn’t been updated in a while - however, the information provided is useful.
   • www.l0pht.com: L0pht is a “Black Hat” group that performs testing of commonly used tools for security issues. L0pht also produces a number of useful tools for testing system security.

14. References
   • www.securityfocus.com: Bugtraq is a mailing list for the discussion and announcement of computer security vulnerabilities. Details of how to subscribe and archive for the mailing list can be found at the above website.
   • www.ntbugtraq.com: NTBugtraq is the Windows platform version of the Bugtraq mailing list.
   • www.ciac.org/ciac: CIAC (Computer Incident Advisory Capability) provides tools and advisory information.

15. References
   • www.cs.purdue.edu/coast/coast.html: COAST (Computer Operations, Audit and Security Technology) is a research project into computer security at the Computer Sciences Department at Purdue University. COAST also boasts a large catalog of security and audit-related applications in their ftp archive.
   • Security audit. http://www.insecure.org/nmap
