Logging, Monitoring and Auditing
What is a security audit?
A security audit is a comprehensive assessment of your organization’s information system; typically, this assessment measures your information system’s security against an audit checklist of industry best practices, externally established standards, or federal regulations. A comprehensive security audit will assess an organization’s security controls relating to the following:
● physical components of your information system and the environment in which the information system is housed.
● applications and software, including security patches your systems administrators have already implemented.
● network vulnerabilities, including evaluations of information as it travels between different points within, and external to, your organization’s network.
● the human dimension, including how employees collect, share, and store highly sensitive information.
How Does a Security Audit Work?
A security audit works by testing whether your organization’s information system is adhering to a set of internal or external criteria regulating data security.
Internal criteria include your company’s IT policies, procedures, and security controls.
External criteria include federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Cyber Audit India, and standards set by the International Organization for Standardization (ISO) or the National Cyber Safety and Security Standards.
A security audit compares your organization’s actual IT practices with the standards relevant to your enterprise, and will identify areas for remediation and growth.
What Is the Main Purpose of a Security Audit?
A security audit will provide a roadmap of your organization’s main information security weaknesses and identify where it is meeting the criteria the organization has set out to follow and where it isn’t.
Security audits are crucial to developing risk assessment plans and mitigation strategies for organizations that deal with individuals’ sensitive and confidential data.
What is Security Auditing in Cybersecurity?
A security audit in cybersecurity will ensure that there is adequate protection for your organization’s networks, devices, and data from leaks, data breaches, and criminal interference.
Security audits are one of three primary types of cybersecurity assessment strategies — the other two are penetration testing and vulnerability assessment, both of which involve running real-time tests on the strength of firewalls, malware defenses, passwords, and data protection measures.
What Does a Security Audit Consist of?
A security audit consists of a complete assessment of all components of your IT infrastructure — this includes operating systems, servers, digital communication and sharing tools, applications, data storage and collection processes, and more. There are a few common components/steps:
1. Select Security Audit Criteria
2. Assess Staff Training
3. Monitor Network Logs
4. Identify Vulnerabilities
5. Implement Protections
Steps of Security Audit
1. Select Security Audit Criteria
Determine which external criteria you want or need to meet, and use these to develop your list of security features to analyze and test. Also keep a record of your organization’s internal policies, if your IT team anticipates cybersecurity concerns that external criteria may not cover.
2. Assess Staff Training
The more people who have access to highly sensitive data, the greater the chance for human error. Make sure there is a record of which staff members have access to sensitive information and which employees have been trained in cybersecurity risk management or compliance practices. Plan to train those who still require training.
3. Monitor Network Logs
Monitor network activity and event logs. Keeping close track of logs will help to ensure that only employees with the proper permissions are accessing restricted data, and that those employees are following the proper security measures.
4. Identify Vulnerabilities
Before conducting a penetration test or vulnerability assessment, your security audit should uncover some of your most glaring vulnerabilities, like whether a security patch is outdated or employee passwords haven’t been changed in over a year. Regular security audits make penetration tests and vulnerability assessments more efficient and effective.
5. Implement Protections
Once you have reviewed the organization’s vulnerabilities and ensured that staff are trained and following the proper protocol, make sure the organization is employing internal controls to prevent fraud, like limiting users’ access to sensitive data. Check that wireless networks are secure, encryption tools are up to date, and that the proper anti-virus software has been installed and updated across the entire network.
Why Do Companies Need Security Audits?
Companies need regular security audits:
● To make sure they are properly protecting their clients’ private information, complying with federal regulations, and avoiding liability and costly fines.
● To avoid penalties, companies need to keep up with ever-changing federal regulations like HIPAA and CAI.
● Periodic security audits are necessary to make sure your organization is up to speed with any new requirements.
Security Audit Architecture
• Event discriminator: logic embedded into the system software that monitors system activity and detects the security-related events it has been configured to detect.
• Audit recorder: receives the event messages sent by the event discriminator and records them.
• Alarm processor: some events are alarm events, which are sent to an alarm processor.
• Security audit trail: the list of formatted event records.
• Audit analyzer: based on a pattern of activity, may define a new auditable event that is sent to the audit recorder, and may generate an alarm.
• Audit archiver: extracts records from the audit trail to create a permanent archive.
• Archives: a permanent store of security-related events on this system.
• Audit provider: an application and/or user interface to the audit trail.
• Audit trail examiner: an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, or for other analysis.
• Security reports: the audit trail examiner prepares human-readable security reports.
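To make the data flow between these components concrete, here is an added example (not part of the original slides) that models the architecture above in Python: a discriminator that forwards only configured event types, a recorder that builds the audit trail, an alarm processor, an analyzer that defines a derived event from a pattern and raises an alarm, and an archiver. The event names, the three-failures-in-60-seconds pattern and the activity stream are all constructed for the demo.

```python
from collections import deque
from dataclasses import dataclass

# Constructed configuration for a hypothetical system: the event types the
# discriminator has been configured to detect, and which of them are alarm events.
AUDITABLE_EVENTS = {"login_failure", "login_success", "privilege_change", "file_access"}
ALARM_EVENTS = {"privilege_change"}


@dataclass
class AuditRecord:
    ts: float
    event: str
    subject: str
    detail: str
    derived: bool = False  # True when the audit analyzer defined this event from a pattern

    def formatted(self) -> str:
        # The audit trail is a list of formatted records; this is the format used here.
        kind = "DERIVED" if self.derived else "RAW"
        return f"{self.ts:.0f} {kind} {self.event} subject={self.subject} {self.detail}"


class AlarmProcessor:
    def __init__(self):
        self.alarms = []

    def raise_alarm(self, record):
        self.alarms.append(record.formatted())


class AuditAnalyzer:
    """Defines a new auditable event from a pattern: `threshold` login failures
    by one subject within `window` seconds (both values are demo assumptions)."""
    def __init__(self, recorder, alarms, threshold=3, window=60):
        self.recorder, self.alarms = recorder, alarms
        self.threshold, self.window = threshold, window
        self.failures = {}  # subject -> deque of failure timestamps

    def observe(self, record):
        if record.event != "login_failure":
            return
        q = self.failures.setdefault(record.subject, deque())
        q.append(record.ts)
        while q and record.ts - q[0] > self.window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= self.threshold:
            derived = AuditRecord(record.ts, "brute_force_suspected", record.subject,
                                  f"{len(q)} failures in {self.window}s", derived=True)
            self.recorder.record(derived)     # the new event goes back to the audit recorder
            self.alarms.raise_alarm(derived)  # and generates an alarm
            q.clear()


class AuditRecorder:
    """Receives event messages and appends them to the security audit trail."""
    def __init__(self, alarms):
        self.trail = []
        self.alarms = alarms
        self.analyzer = AuditAnalyzer(self, alarms)

    def record(self, rec):
        self.trail.append(rec)
        if rec.event in ALARM_EVENTS:
            self.alarms.raise_alarm(rec)  # alarm events also go to the alarm processor
        if not rec.derived:
            self.analyzer.observe(rec)


class EventDiscriminator:
    """Logic embedded in the system software: forwards only configured event types."""
    def __init__(self, recorder):
        self.recorder = recorder

    def on_system_event(self, ts, event, subject, detail=""):
        if event in AUDITABLE_EVENTS:
            self.recorder.record(AuditRecord(ts, event, subject, detail))


def archive(recorder, before_ts):
    """Audit archiver: move records older than before_ts out of the trail into
    a permanent archive (returned here as formatted strings)."""
    keep, archived = [], []
    for rec in recorder.trail:
        (archived if rec.ts < before_ts else keep).append(rec)
    recorder.trail = keep
    return [r.formatted() for r in archived]


def run_demo():
    """Feed a constructed activity stream through the whole pipeline."""
    alarms = AlarmProcessor()
    recorder = AuditRecorder(alarms)
    disc = EventDiscriminator(recorder)
    base = 1_700_000_000
    disc.on_system_event(base + 0, "cpu_idle", "kernel")  # not auditable: dropped
    for t in (1, 2, 3):
        disc.on_system_event(base + t, "login_failure", "alice", "src=10.0.0.5")
    disc.on_system_event(base + 90, "privilege_change", "bob", "role=admin")
    archived = archive(recorder, base + 10)  # everything older than base+10 is archived
    return recorder, alarms, archived
```

Running `run_demo()` leaves two alarms (the derived brute-force event and the privilege change), four archived records, and only the privilege change still in the live trail.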
Security Auditing Functions
Data generation: identifies the level of auditing and enumerates the types of auditable events.
Event selection: inclusion or exclusion of events from the auditable set.
Event storage: creation and maintenance of the secure audit trail.
Automatic response: reactions taken when a possible security violation event is detected.
Audit analysis: automated mechanisms to analyze audit data in search of security violations.
Audit review: tools available to authorized users to assist in audit data review.
Logging
Logging provides a record of events related to IT systems and processes. Each recorded event is a log entry, denoting information such as what occurred, when it occurred, and who or what caused it.
A log might be as simple as a text list of application log-ons for a service host or as complex as a description of transactions across an ERP system.
Benefits of Logging
Successful logging offers value beyond compliance, including support of overall IT functions such as performance management, change management, security management, and project planning.
What is Monitoring?
Security logs provide little to no value if they are not monitored. In fact, attackers bet on their target not monitoring its logs.
Log monitoring is essentially reviewing the recorded log entries for anomalous, abnormal, or suspicious events. While log monitoring can be performed manually, that is not efficient, and manual review should be reserved for more detailed analysis supported by automation.
Why Is Monitoring Important?
The importance of monitoring security events via logs cannot be overstated. Without active log monitoring, the likelihood that an attacker maintains an undetected persistent presence increases significantly.
While the prevention of breaches is highly preferred, detection of a breach is a must, and the primary detection mechanism for breaches is the identification of anomalous activity in security logs.
Automation in Monitoring
Systems today generate incredible volumes of logs, so automation is essentially required in order to perform any reliable level of log monitoring and analysis. The primary tool used today for security log monitoring is a security information and event management (SIEM) platform.
There are numerous SIEMs on the market today which provide a host of different capabilities, but the primary premise of a SIEM is to collect or ingest logs from multiple sources, perform or enable efficient analysis, and perform a designated action such as alerting on events of interest.
What Are the Challenges to Logging and Monitoring?
The primary challenges regarding security logging and monitoring are the sheer volume of logs generated by information systems and applications, and the lack of trained security staff to identify abnormal events using a SIEM or other automated techniques.
Additional challenges include differing log formats depending on the OS or application generating the log, differing log content, which makes it difficult to follow a thread across multiple platforms, and non-standardized time stamps. Fortunately, today’s SIEM platforms are able to normalize log entries into a common, parsable format while also retaining the original log entry if required to support more in-depth analysis.
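As an added example (not from the original deck), the following Python does in miniature what the slide says a SIEM does: it normalizes three constructed entries in different formats and timestamp conventions into one schema, converts every timestamp to UTC, and keeps the raw line. That is what lets a reviewer follow one user's thread across platforms and, as the "Monitor Network Logs" step asks, check who touched restricted data. The syslog host's time zone, the syslog year and the permission record are assumptions made for the demo.

```python
import json
import re
from datetime import datetime, timezone, timedelta

# Constructed sample entries, one per source format. Each records a user acting on
# something, but with its own field names and its own timestamp convention.
SAMPLE_LINES = [
    # RFC 3164-style syslog: local time, no year, no zone (host assumed at UTC+05:30)
    "Mar  4 09:15:02 fileserver smbd[2211]: user=alice action=open path=/finance/payroll.xlsx",
    # JSON line: ISO 8601 timestamp in UTC
    '{"time": "2024-03-04T03:44:10Z", "user": "alice", "op": "login", "src": "10.0.0.5"}',
    # CSV export: US date order with an explicit zone offset
    r"03/04/2024 03:46:30 -0000,bob,read,\\fileserver\finance\payroll.xlsx",
]

SYSLOG_HOST_TZ = timezone(timedelta(hours=5, minutes=30))  # assumption for the demo
SYSLOG_YEAR = 2024                                         # RFC 3164 carries no year
RESTRICTED = {"payroll.xlsx": {"alice"}}  # constructed permission record: file -> allowed users


def normalize(line):
    """Map one raw entry onto a common schema (ts, user, action, target, source)
    with the timestamp converted to UTC, while keeping the original text in `raw`."""
    event = {"raw": line}
    if line.startswith("{"):
        obj = json.loads(line)
        ts = datetime.fromisoformat(obj["time"].replace("Z", "+00:00"))
        event.update(ts=ts, user=obj["user"], action=obj["op"],
                     target=obj.get("src", ""), source="json")
    elif re.match(r"\d{2}/\d{2}/\d{4} ", line):
        ts_text, user, action, target = line.split(",", 3)
        event.update(ts=datetime.strptime(ts_text, "%m/%d/%Y %H:%M:%S %z"),
                     user=user, action=action, target=target, source="csv")
    else:
        m = re.match(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) \S+: (.*)", line)
        if not m:
            raise ValueError(f"unrecognised entry: {line!r}")
        naive = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        kv = dict(part.split("=", 1) for part in m.group(3).split())
        event.update(ts=naive.replace(tzinfo=SYSLOG_HOST_TZ), user=kv.get("user", ""),
                     action=kv.get("action", ""), target=kv.get("path", ""), source="syslog")
    event["ts"] = event["ts"].astimezone(timezone.utc)  # one clock for every source
    return event


def normalize_all(lines=SAMPLE_LINES):
    """Normalize every line and order the result by true (UTC) time."""
    return sorted((normalize(line) for line in lines), key=lambda e: e["ts"])


def thread_for(events, user):
    """One user's actions across all platforms, in UTC time order."""
    return [(e["ts"].isoformat(), e["source"], e["action"])
            for e in events if e["user"] == user]


def unauthorized_access(events):
    """Raw lines where someone outside the permitted set touched a restricted file."""
    hits = []
    for e in events:
        for name, allowed in RESTRICTED.items():
            if e["target"].endswith(name) and e["user"] not in allowed:
                hits.append(e["raw"])
    return hits
```

Note that on the raw timestamps the syslog entry (09:15 local) looks like the latest event, while after normalization it sits between the JSON login and the CSV read.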
Reporting
Reporting refers to the generation (automatic or manual) of reports that indicate the status of IT controls designed to meet compliance goals. Reporting is intermeshed with both monitoring and logging, since reports can be based on the output of both monitoring and logging activities. To complicate the mix, some authorities—such as ISO 27002—require management to report on the effectiveness of reporting and monitoring controls.
Benefits of Reporting
Reports are the currency of compliance for auditors. Without reliable, accurate, consistent, and verifiable reporting, there can be no compliance assurance. Good reporting also helps IT managers to evaluate system and employee performance over time and provides input for balanced scorecards and other managerial mechanisms.
Benefits of logging, monitoring, and reporting
Stronger IT governance—Logging, monitoring, and reporting are the information lifeblood of compliance, risk management, and governance. They reveal problems, put performance indicators behind managerial decisions, supply evidence for control assurance, and provide evidence for risk analyses.
Better managerial oversight—By providing a record of real-world events, logs provide invaluable information that can validate or dispel managerial assumptions, reveal unrecognized performance issues, point to problem-specific solutions, and provide case studies for staff training.
Support of corporate information security—Logs can provide a record of access and authentication events, note configuration or application changes that could compromise system integrity, record details of inbound and outbound information traffic, and provide a corpus of evidence for forensic investigation of security breaches.
Stronger service-level agreements (SLAs)—Log monitoring is a critical component of SLA assurance, revealing service interruptions, threats to network stability, and other critical evidence that supports troubleshooting efforts.
Performance validation—Logs and monitoring provide the basis for performance measurement, while reporting requirements ensure that managers have the information they need to make intelligent decisions about process changes that impact performance outcomes.
More effective change control—Logs provide a record of configuration, application, network, and other types of changes that might otherwise go unnoticed by management.
Regulatory compliance—Logging, monitoring, and reporting provide both the means and the data for auditing, intrusion monitoring, compliance monitoring, and ensuring adherence to segregation of duties.
Management Control Reviews
Management review controls are any key reviews performed by a company’s management over security information, such as checking estimates for reasonableness and accuracy.
In most cases, a manager will review a specific security document (e.g., a log report) prepared by a security analyst, review the document in detail, work with the analyst to reconcile any discrepancies, and sign off on the document.
Steps that may be applied to an MRC
Define the matter: define the matter with specific risks, focusing on the nature of potential errors and how they occur.
Specify objectives: specify objectives by identifying the points within the process that could give rise to the specific risk(s), and evaluate whether the control attributes of the MRC sufficiently address each of those points.
Identify possibilities: identify possibilities by challenging assumptions and ensuring clearly defined actions, including triggers for investigation and prescribed plans for resolution.
Gather and analyze information: gather and analyze information that depicts the performance of each control attribute. Examine physical evidence of procedures performed, observe actions that occur, and evaluate their sufficiency to meet objectives.
Reach a conclusion: reach a conclusion as to the sufficiency of the control’s ability to prevent or detect the specified risks. Has each objective been met appropriately?
Reflect: reflect on the conclusions reached. Is each identified risk sufficiently addressed by the controls, after consideration of their design and implementation?
Why are Management Review Controls So Important?
Management review controls are critical to an effective control environment. The documents reviewed as part of MRCs cover a wide spectrum; some examples include:
● Review of a reconciliation
● Review of journal entries
● Review for triggering events
● Review of the work supporting an estimate
Thank You

Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Logging, monitoring and auditing

  • 2. What is a security audit?
    A security audit is a comprehensive assessment of your organization's information system; typically, this assessment measures your information system's security against an audit checklist of industry best practices, externally established standards, or federal regulations. A comprehensive security audit will assess an organization's security controls relating to the following:
    ● physical components of your information system and the environment in which the information system is housed;
    ● applications and software, including security patches your systems administrators have already implemented;
    ● network vulnerabilities, including evaluations of information as it travels between different points within, and external to, your organization's network;
    ● the human dimension, including how employees collect, share, and store highly sensitive information.
  • 3. How Does a Security Audit Work?
    A security audit works by testing whether your organization's information system adheres to a set of internal or external criteria regulating data security. Internal criteria include your company's IT policies, procedures, and security controls. External criteria include regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Cyber Audit India, and standards set by the International Organization for Standardization (ISO) or the National Cyber Safety and Security Standards. A security audit compares your organization's actual IT practices with the standards relevant to your enterprise and identifies areas for remediation and growth.
  • 4. What Is the Main Purpose of a Security Audit?
    A security audit provides a roadmap of your organization's main information security weaknesses and identifies where it is meeting the criteria the organization has set out to follow and where it is not. Security audits are crucial to developing risk assessment plans and mitigation strategies for organizations that handle individuals' sensitive and confidential data.
  • 5. What is Security Auditing in Cybersecurity?
    A security audit in cybersecurity helps ensure that your organization's networks, devices, and data are adequately protected from leaks, data breaches, and criminal interference. Security audits are one of three primary types of cybersecurity assessment; the other two are penetration testing and vulnerability assessment, both of which involve running live tests against the strength of firewalls, anti-malware controls, passwords, and data protection measures.
  • 6. What Does a Security Audit Consist of?
    A security audit consists of a complete assessment of all components of your IT infrastructure, including operating systems, servers, digital communication and sharing tools, applications, data storage and collection processes, and more. There are a few common components/steps:
    1. Select Security Audit Criteria
    2. Assess Staff Training
    3. Monitor Network Logs
    4. Identify Vulnerabilities
    5. Implement Protections
  • 7. Steps of Security Audit
    1. Select Security Audit Criteria: Determine which external criteria you want or need to meet, and use these to develop your list of security features to analyze and test. Also keep a record of your organization's internal policies, in case your IT team anticipates cybersecurity concerns that the external criteria do not cover.
    2. Assess Staff Training: The more people who have access to highly sensitive data, the greater the chance of human error. Make sure there is a record of which staff members have access to sensitive information and which employees have been trained in cybersecurity risk management or compliance practices. Plan to train those who still require training.
  • 8. Steps of Security Audit
    3. Monitor Network Logs: Monitor network activity and event logs. Keeping close track of logs helps ensure that only employees with the proper permissions are accessing restricted data, and that those employees are following the proper security measures.
    4. Identify Vulnerabilities: Before conducting a penetration test or vulnerability assessment, your security audit should uncover some of your most glaring vulnerabilities, such as a security patch that has not been applied or employee passwords that have not been changed in over a year. Regular security audits make penetration tests and vulnerability assessments more efficient and effective.
  • 9. Steps of Security Audit
    5. Implement Protections: Once you have reviewed the organization's vulnerabilities and ensured that staff are trained and following the proper protocol, make sure the organization employs internal controls to prevent fraud, such as limiting users' access to sensitive data. Check that wireless networks are secure, that encryption tools are up to date, and that the proper anti-virus software has been installed and updated across the entire network.
  • 10. Why Do Companies Need Security Audits?
    Companies need regular security audits:
    ● to make sure they are properly protecting their clients' private information, complying with federal regulations, and avoiding liability and costly fines;
    ● to keep up with ever-changing regulations such as HIPAA and Cyber Audit India (CAI) and so avoid penalties;
    ● to make sure the organization is up to speed with any new requirements, which is why the audits must be periodic.
  • 11. Security Audit Architecture
    • Event discriminator: logic embedded in the system software that monitors system activity and detects the security-related events it has been configured to detect.
    • Audit recorder: receives event messages from the event discriminator and writes them to the audit trail.
    • Alarm processor: some events are alarm events and are also sent to an alarm processor.
    • Security audit trail: the list of formatted event records.
    • Audit analyzer: based on a pattern of activity, may define a new auditable event that is sent to the audit recorder, and may generate an alarm.
  • 12. Security Audit Architecture
    • Audit archiver: extracts records from the audit trail to create a permanent archive.
    • Archives: a permanent store of security-related events on this system.
    • Audit provider: an application and/or user interface to the audit trail.
    • Audit trail examiner: an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, or for other analysis.
    • Security reports: the audit trail examiner prepares human-readable security reports.
  • 13. Security Auditing Functions
    Data generation: identifies the level of auditing and enumerates the types of auditable events.
    Event selection: inclusion or exclusion of events from the auditable set.
    Event storage: creation and maintenance of the secure audit trail.
    Automatic response: actions taken when a possible security violation is detected.
    Audit analysis: automated mechanisms that analyze audit data in search of security violations.
    Audit review: tools available to authorized users to assist in reviewing audit data.
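The following is an added example, not code from the slide deck, that wires the components of slides 11 and 12 (event discriminator, audit recorder, alarm processor, audit trail, audit analyzer) together with the functions of slide 13 (event selection, secure event storage, automatic response, audit analysis) in a few dozen lines of Python. The event types, the brute-force threshold and window, and the sample events are all constructed for illustration. The audit trail is hash-chained so that the "secure" in "secure audit trail" is a property you can check rather than a label: editing or deleting a record after the fact breaks the chain.

```python
"""Added example (not part of the original slide deck): a minimal implementation of the
audit architecture and auditing functions from slides 11-13. Event names, thresholds
and the sample events below are constructed for illustration."""
import hashlib
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Event selection (slide 13): only these event types enter the audit trail.
AUDITABLE_EVENTS = {"LOGIN_FAILURE", "LOGIN_SUCCESS", "PRIVILEGE_CHANGE", "BRUTE_FORCE_SUSPECTED"}
# Alarm events (slide 11) go to the alarm processor as well as to the recorder.
ALARM_EVENTS = {"PRIVILEGE_CHANGE", "BRUTE_FORCE_SUSPECTED"}


class AuditTrail:
    """Event storage: an append-only, hash-chained list of formatted event records.
    Each record carries the hash of its predecessor, so editing or deleting a record
    after the fact breaks the chain and is caught by verify()."""

    def __init__(self):
        self.records = []
        self._prev_hash = "0" * 64

    def record(self, event):
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((self._prev_hash + body).encode()).hexdigest()
        self.records.append({"event": event, "prev": self._prev_hash, "hash": digest})
        self._prev_hash = digest
        return digest

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            body = json.dumps(rec["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != expected:
                return False
            prev = rec["hash"]
        return True


class Auditor:
    """Event discriminator + audit recorder + alarm processor + audit analyzer."""

    def __init__(self, trail, window=timedelta(minutes=5), threshold=3):
        self.trail = trail
        self.alarms = []                     # alarm processor output (constructed: a plain list)
        self.window = window
        self.threshold = threshold
        self._failures = defaultdict(deque)  # analyzer state: recent failure times per user

    def submit(self, event):
        """Event discriminator: decide whether the event is auditable, then route it."""
        if event["type"] not in AUDITABLE_EVENTS:
            return None              # not selected; dropped before it reaches the recorder
        self.trail.record(event)     # audit recorder -> security audit trail
        if event["type"] in ALARM_EVENTS:
            self.alarms.append(event)  # automatic response: hand to the alarm processor
        self._analyze(event)
        return event

    def _analyze(self, event):
        """Audit analyzer: `threshold` login failures for one user inside `window` define
        a new auditable event, which is fed back to the recorder and raises an alarm."""
        if event["type"] != "LOGIN_FAILURE":
            return
        ts = datetime.fromisoformat(event["time"])
        recent = self._failures[event["user"]]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold:
            recent.clear()  # do not re-alarm on every subsequent failure
            self.submit({"type": "BRUTE_FORCE_SUSPECTED", "user": event["user"],
                         "time": event["time"], "count": self.threshold,
                         "source": "audit_analyzer"})


def run_demo():
    """Feed constructed events through the pipeline; return (trail, alarms)."""
    trail = AuditTrail()
    auditor = Auditor(trail)
    t0 = datetime(2024, 4, 1, 9, 0, tzinfo=timezone.utc)
    sample = [  # constructed sample events, not real log data
        {"type": "HEARTBEAT", "user": "-", "time": t0.isoformat()},  # not auditable
        {"type": "LOGIN_FAILURE", "user": "alice", "time": (t0 + timedelta(seconds=10)).isoformat()},
        {"type": "LOGIN_FAILURE", "user": "alice", "time": (t0 + timedelta(seconds=20)).isoformat()},
        {"type": "LOGIN_SUCCESS", "user": "bob", "time": (t0 + timedelta(seconds=25)).isoformat()},
        {"type": "LOGIN_FAILURE", "user": "alice", "time": (t0 + timedelta(seconds=30)).isoformat()},
        {"type": "PRIVILEGE_CHANGE", "user": "bob", "time": (t0 + timedelta(minutes=1)).isoformat()},
    ]
    for ev in sample:
        auditor.submit(ev)
    return trail, auditor.alarms


if __name__ == "__main__":
    trail, alarms = run_demo()
    print(f"{len(trail.records)} records, chain valid: {trail.verify()}")
    for alarm in alarms:
        print("ALARM:", alarm["type"], alarm["user"])
```

Running it records six events (the heartbeat is discarded by event selection), raises two alarms (the analyzer's derived BRUTE_FORCE_SUSPECTED event and the PRIVILEGE_CHANGE), and reports the chain as valid; changing any stored record afterwards makes verify() return False. In a real system the archiver of slide 12 would periodically copy the chain, plus its head hash, to storage the audited host cannot write to.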
  • 14. Logging
    Logging provides a record of events related to IT systems and processes. Each recorded event is a log entry, denoting information such as what occurred, when it occurred, and who or what caused it. A log might be as simple as a text list of application log-ons for a service host or as complex as a description of transactions across an ERP system.
    Benefits of Logging: Successful logging offers value beyond compliance, including support of overall IT functions such as performance management, change management, security management, and project planning.
  • 15. What is Monitoring?
    Security logs provide little to no value if they are not monitored. In fact, attackers bet on their target not monitoring its logs. Log monitoring is essentially reviewing the recorded log entries for anomalous, abnormal, or suspicious events. While log monitoring can be performed manually, that is not efficient, and manual review should be reserved for more detailed analysis supported by automation.
  • 16. Why Is Monitoring Important?
    The importance of monitoring security events via logs cannot be overstated. Without active log monitoring, the likelihood that an attacker maintains an undetected persistent presence increases significantly. While preventing breaches is highly preferable, detecting a breach is a must, and the primary detection mechanism for breaches is the identification of anomalous activity in security logs.
  • 17. Automation in Monitoring
    Systems today generate incredible volumes of logs, so automation is essentially required in order to perform any reliable level of log monitoring and analysis. The primary tool used today for security log monitoring is a security information and event management (SIEM) platform. There are numerous SIEMs on the market today that provide a host of different capabilities, but the basic premise of a SIEM is to collect or ingest logs from multiple sources, perform or enable efficient analysis, and take a designated action such as alerting on events of interest.
  • 18. What Are the Challenges to Logging and Monitoring?
    The primary challenges regarding security logging and monitoring are the sheer volume of logs generated by information systems and applications, and the lack of trained security staff to identify abnormal events using a SIEM or other automated techniques. Additional challenges include differing log formats depending on the OS or application generating the log, differing log content, which makes it difficult to follow a thread across multiple platforms, and non-standardized time stamps. Fortunately, today's SIEM platforms are able to normalize log entries into a common, parsable format while also retaining the original log entry if it is required to support more in-depth analysis.
  • 19. Reporting
    Reporting refers to the generation (automatic or manual) of reports that indicate the status of IT controls designed to meet compliance goals. Reporting is intermeshed with both monitoring and logging, since reports can be based on the output of both monitoring and logging activities. To complicate the mix, some authorities, such as ISO 27002, require management to report on the effectiveness of reporting and monitoring controls.
    Benefits of Reporting: Reports are the currency of compliance for auditors. Without reliable, accurate, consistent, and verifiable reporting, there can be no compliance assurance. Good reporting also helps IT managers evaluate system and employee performance over time and provides input for balanced scorecards and other managerial mechanisms.
  • 20. Benefits of logging, monitoring, and reporting
    ● Stronger IT governance: logging, monitoring, and reporting are the information lifeblood of compliance, risk management, and governance. They reveal problems, put performance indicators behind managerial decisions, and supply evidence for control assurance and for risk analyses.
    ● Better managerial oversight: by providing a record of real-world events, logs supply invaluable information that can validate or dispel managerial assumptions, reveal unrecognized performance issues, point to problem-specific solutions, and provide case studies for staff training.
  • 21. Benefits of logging, monitoring, and reporting
    ● Support of corporate information security: logs can provide a record of access and authentication events, note configuration or application changes that could compromise system integrity, record details of inbound and outbound traffic, and provide a corpus of evidence for forensic investigation of security breaches.
    ● Stronger service-level agreements (SLAs): log monitoring is a critical component of SLA assurance, revealing service interruptions, threats to network stability, and other critical evidence that supports troubleshooting efforts.
    ● Performance validation: logs and monitoring provide the basis for performance measurement, while reporting requirements ensure that managers have the information they need to make intelligent decisions about process changes that affect performance outcomes.
  • 22. Benefits of logging, monitoring, and reporting
    ● More effective change control: logs provide a record of configuration, application, network, and other types of changes that might otherwise go unnoticed by management.
    ● Regulatory compliance: logging, monitoring, and reporting provide both the means and the data for auditing, intrusion monitoring, compliance monitoring, and enforcing segregation of duties.
  • 23. Management Review Controls
    Management review controls (MRCs) are key reviews performed by a company's management over security information, such as estimates, for reasonableness and accuracy. In most cases a manager reviews a specific security document (e.g., a log report) prepared by a security analyst, examines it in detail, works with the analyst to reconcile any discrepancies, and signs off on the document.
  • 24. Steps that may be applied to an MRC
    Define the matter: define the matter in terms of specific risks, focusing on the nature of potential errors and how they occur.
    Specify objectives: identify the points within the process that could give rise to the specific risk(s) and evaluate whether the control attributes of the MRC sufficiently address each of those points.
    Identify possibilities: challenge assumptions and ensure clearly defined actions, including triggers for investigation and prescribed plans for resolution.
    Gather and analyze information: gather and analyze information that depicts the performance of each control attribute. Examine physical evidence of procedures performed, observe the actions that occur, and evaluate their sufficiency to meet the objectives.
    Reach a conclusion: conclude on the sufficiency of the control's ability to prevent or detect the specified risks. Has each objective been met appropriately?
    Reflect: reflect on the conclusions reached. Is each identified risk sufficiently addressed by the controls, after considering their design and implementation?
  • 25. Why are Management Review Controls So Important?
    Management review controls are critical to an effective control environment. The documents reviewed as part of MRCs cover a wide spectrum; some examples include:
    ● review of a reconciliation
    ● review of journal entries
    ● review for triggering events
    ● review of the work supporting an estimate