9780840024220 ppt ch10
Uploaded by Kristin Harrison (category: Education), 758 views
Chapter 10
48 slides
1.
Guide to Network Security, 1st Edition
Chapter Ten: Auditing, Monitoring, and Logging
2.
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Objectives
• List the various events that should be monitored in network environments
• Describe the various network logs available for monitoring
• Discuss the various log management, SIEM, and monitoring technologies
• Explain the role that configuration and change management play in auditing the network environment
3.
Objectives (cont'd.)
• Discuss formal audit programs and how they relate to network environments
• Describe Certification and Accreditation (C&A) programs implemented by the U.S. federal government and other international agencies
4.
Introduction
• Auditing definitions
  – Review of organizational processes for compliance with policies, standards, or regulations
  – Procedure for recording and reviewing network or system events
  – Periodic self-review of a network environment
• Systems monitoring
  – Ongoing review of a system or network
  – Objective: determine whether results and events are within expected bounds
5.
Monitoring Network Systems
• Tracking events that occur on the system
• Log
  – Detailed chronological record of the operation of a computer system
  – Includes system use and modifications
6.
What to Audit?
• Event
  – Any action on the system or device that may be of interest
• Security event
  – Event that may affect the system's security
• Process events
  – Relate to tasks performed by a computing system
  – Many processes may be underway simultaneously
7.
What to Audit? (cont'd.)
• Operating system process attributes
  – Memory
  – Operating system resources
  – Security attributes
  – Processor state
• Services
  – Processes designed to operate without user interaction
  – Known as a daemon in a Linux environment
8.
Figure 10-2 Windows 7 audit policy (screenshot, © Microsoft Windows)
9.
Figure 10-4 Windows processes (screenshot, © Microsoft Windows)
10.
Figure 10-6 Windows services (screenshot, © Microsoft Windows)
11.
What to Audit? (cont'd.)
• Logon events
  – Audit systems typically log an event when:
    • A user logs on or off
    • An attempt to log on fails
    • A user starts or stops a network session
• Group or permission change events
  – Attacker methodology: elevate privileges to those of an administrator
  – Useful to track changes in group membership or when rights are elevated
12.
What to Audit? (cont'd.)
• Resource access events
  – Track when users or processes access files, directories, printers, and other system resources
• Recording every possible detail for auditing
  – The number of events can be astronomical
  – Captures legitimate events as well as exceptions
13.
Table 10-1 Partial list of object access events that can be captured by Windows auditing (© Cengage Learning 2013)
14.
What to Audit? (cont'd.)
• Network connection events
  – Track communication sessions
  – Can be tracked at the system level or at firewalls
• Network data transfer events
  – Data leakage
    • Unauthorized release of data
  – Track Web sessions and the amount of information transferred
  – Data leakage prevention
    • Implemented as software or an appliance
    • Looks for sensitive data leaving the network
15.
What to Audit? (cont'd.)
• System restart and shutdown events
  – Track when systems are booted, restarted, and shut down
• Audit system or log events
  – Record various log occurrences
    • Logs reach capacity; logs are truncated
  – Attackers often delete or modify log records to conceal activity
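The logon, group-change and log-clearing events listed on slides 11 through 15 are the raw material for detection rules. The Python below is an added example, not code from the textbook or its figures: it runs three simple rules over a constructed set of Windows Security events. The event IDs are Windows' own (4624 logon success, 4625 logon failure, 4728/4732 member added to a security-enabled global/local group, 1102 audit log cleared); the field names, the five-failures-in-five-minutes threshold and the privileged group list are assumptions chosen for the example.

```python
"""Detection logic over Windows Security audit events (added example).

The event records below are constructed for this example; they carry the
fields relevant to the slide's categories and use real Windows event IDs:
4624 logon success, 4625 logon failure, 4728/4732 member added to a
security-enabled global/local group, 1102 audit log cleared.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, event ID, fields)
SAMPLE_EVENTS = [
    ("2013-03-01T08:00:01", 4624, {"user": "alice", "src_ip": "10.0.0.5"}),
    ("2013-03-01T08:05:10", 4625, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:05:20", 4625, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:05:30", 4625, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:05:40", 4625, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:05:50", 4625, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:06:00", 4625, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:06:30", 4624, {"user": "administrator", "src_ip": "203.0.113.7"}),
    ("2013-03-01T08:07:00", 4732, {"user": "administrator", "group": "Administrators",
                                   "member": "svc_backup"}),
    ("2013-03-01T08:09:00", 1102, {"user": "administrator"}),
    # A single mistyped password followed by success is normal and must not alert
    ("2013-03-01T09:00:00", 4625, {"user": "bob", "src_ip": "10.0.0.9"}),
    ("2013-03-01T09:00:20", 4624, {"user": "bob", "src_ip": "10.0.0.9"}),
]

PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}  # assumption
FAIL_THRESHOLD = 5              # failures within WINDOW that count as a brute-force attempt
WINDOW = timedelta(minutes=5)


def detect(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (alert_type, detail) tuples, in event order."""
    alerts = []
    failures = defaultdict(list)   # (src_ip, user) -> timestamps of recent 4625 events
    for ts_str, event_id, f in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        key = (f.get("src_ip"), f.get("user"))
        if event_id == 4625:
            recent = [t for t in failures[key] if ts - t <= window] + [ts]
            failures[key] = recent
            if len(recent) == threshold:   # alert once, when the threshold is crossed
                alerts.append(("brute_force",
                               f"{threshold} failed logons for {key[1]} from {key[0]}"))
        elif event_id == 4624:
            recent = [t for t in failures.get(key, []) if ts - t <= window]
            if len(recent) >= threshold:   # success right after a burst of failures
                alerts.append(("brute_force_success",
                               f"logon for {key[1]} from {key[0]} after {len(recent)} failures"))
            failures[key] = []
        elif event_id in (4728, 4732) and f.get("group") in PRIVILEGED_GROUPS:
            alerts.append(("privileged_group_change",
                           f"{f['member']} added to {f['group']} by {f['user']}"))
        elif event_id == 1102:
            alerts.append(("audit_log_cleared", f"security log cleared by {f['user']}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect(SAMPLE_EVENTS):
        print(f"{kind:25s} {detail}")
```

On the sample data the rules fire in the order an intrusion would produce them: a burst of failures, a success from the same source, a privileged group change, then the log being cleared. Note that the 1102 rule only works if the event reaches a collector before the local log is wiped, which is the argument for the central logging service on the next slide.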
16.
Log Management Policy
• Comprehensive picture of IT environment health
  – Must collect, review, and retain aggregate logs
• Some logging is enabled by default
  – Other logging must be specifically activated
• Central logging service
  – May be a central server
• Log management practices
  – Storage
    • System must be able to handle the amount of data generated
17.
Log Management Policy (cont'd.)
• Log management practices (cont'd.)
  – Retention
    • Period of time a log file must be maintained
    • Understand regulatory requirements
  – Baseline
    • Measures activities during routine conditions
  – Encryption
    • Logs should be encrypted for storage
  – Disposal
    • Log files should be disposed of after the retention period
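Slide 15 warns that attackers delete or modify log records, and slides 16 and 17 require retention and disposal. The following Python is an added example (not from the book) of a store that satisfies both: each record carries the SHA-256 of its predecessor, so an edit or deletion breaks the chain at that point, and disposal only ever removes the oldest records, keeping the hash of the last disposed record as the new trust anchor. The record layout and the sample entries are constructed for the example; encryption at rest, which the slide also calls for, is a separate layer not shown here.

```python
"""Tamper-evident log store with retention-based disposal (added example).

Each record stores the SHA-256 of its predecessor, so deleting or editing a
record breaks the chain at that point. Disposal removes only the oldest
records and keeps the hash of the last disposed record as a trust anchor.
The record layout and sample entries are constructed for this example.
"""
import hashlib
import json
from datetime import datetime, timedelta

GENESIS = "0" * 64


def _digest(ts, msg, prev):
    body = json.dumps({"ts": ts, "msg": msg, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class ChainedLog:
    def __init__(self):
        self.anchor = GENESIS   # hash that the first retained record must point to
        self.records = []

    def append(self, ts, msg):
        prev = self.records[-1]["hash"] if self.records else self.anchor
        rec = {"ts": ts, "msg": msg, "prev": prev, "hash": _digest(ts, msg, prev)}
        self.records.append(rec)
        return rec["hash"]

    def verify(self):
        """Return the index of the first record that breaks the chain, or -1."""
        prev = self.anchor
        for i, r in enumerate(self.records):
            if r["prev"] != prev or r["hash"] != _digest(r["ts"], r["msg"], r["prev"]):
                return i
            prev = r["hash"]
        return -1

    def purge_expired(self, now, retention):
        """Dispose of records older than the retention period; return how many."""
        cutoff = now - retention
        n = 0
        while n < len(self.records) and datetime.fromisoformat(self.records[n]["ts"]) < cutoff:
            n += 1
        if n:
            self.anchor = self.records[n - 1]["hash"]   # keep this value off the log host
            del self.records[:n]
        return n


def build_sample_log():
    """Constructed sample: four records spanning two months."""
    log = ChainedLog()
    log.append("2013-01-01T00:00:00", "user alice logged on")
    log.append("2013-01-15T12:00:00", "user bob added to Administrators")
    log.append("2013-03-01T08:09:00", "security log cleared by administrator")
    log.append("2013-03-02T09:00:00", "system restart")
    return log


def retention_demo(now="2013-03-03T00:00:00", days=30):
    """Purge a sample log and report (records disposed, records kept, verify())."""
    log = build_sample_log()
    disposed = log.purge_expired(datetime.fromisoformat(now), timedelta(days=days))
    return disposed, len(log.records), log.verify()


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    log.records[1]["msg"] = "nothing happened"
    print("after edit, first bad record:", log.verify())
    print("30-day retention (disposed, kept, verify):", retention_demo())
```

verify() starts from the anchor, so after a purge the anchor value has to live somewhere the log host cannot rewrite. The same limit applies at the other end: truncating the newest records is only detectable if the latest hash is regularly published elsewhere, which is one more reason for the central logging service the slide describes.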
18.
Standard OS Logs
• Windows-based logging
  – Logging managed by Event Viewer
    • Accessible from the system Control Panel
  – Windows 7 logs divided into two categories
    • Windows logs
    • Applications and services logs
• Windows standard logs
  – Application log
19.
Figure 10-9 Windows Event Viewer (screenshot, © Microsoft Windows)
20.
Standard OS Logs (cont'd.)
• Windows standard logs (cont'd.)
  – Security log
  – Setup log
  – System log
  – Forwarded events log
• Applications and services logs
  – Admin
  – Operational
  – Analytic
  – Debug
21.
Standard OS Logs (cont'd.)
• Linux-based logging
  – Files vary by machine
  – Logs typically located in the /var/log/ directory
• Syslog
  – System logger
  – Multiple system utilities log using the same mechanism
  – Uses a configuration file (traditionally /etc/syslog.conf)
22.
Figure 10-18 Contents of a simple syslog.conf file (© Linux)
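The figure shows a syslog.conf, whose lines pair a facility.priority selector with a destination. As an added example, not taken from the figure or the book, the Python below decodes the <PRI> prefix of a syslog message into facility and severity and routes it with the classic sysklogd/BSD selector rules: a named priority matches that priority and every more severe one, =priority matches exactly one, none excludes a facility, and within one line later selectors overwrite earlier ones for the facilities they name. The "!" negation form is left out. The configuration and the messages are constructed samples in the style of a Debian syslog.conf.

```python
"""syslog PRI decoding and syslog.conf selector routing (added example).

Implements the classic sysklogd/BSD selector rules. The "!" negation form is
not implemented. The configuration and messages are constructed samples.
"""
import re

FACILITIES = {n: i for i, n in enumerate(
    ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
     "uucp", "cron", "authpriv", "ftp"])}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
SEVERITIES["warn"] = 4      # aliases accepted by most syslogd implementations
SEVERITIES["error"] = 3

SAMPLE_CONF = """\
# constructed, Debian-style syslog.conf
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
kern.*                   -/var/log/kern.log
mail.err                 /var/log/mail.err
*.emerg                  *
"""


def decode_pri(line):
    """Split the leading <PRI> of an RFC 3164 line into (facility, severity)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        raise ValueError("line has no <PRI> prefix")
    pri = int(m.group(1))
    return pri // 8, pri % 8


def parse_conf(text):
    """Return [(selectors, action)]; selectors = [(facility set or None for '*', priority spec)]."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, action = line.split(None, 1)
        selectors = []
        for sel in spec.split(";"):
            facs, prio = sel.rsplit(".", 1)
            fac_set = None if facs == "*" else {FACILITIES[f] for f in facs.split(",")}
            selectors.append((fac_set, prio))
        rules.append((selectors, action.strip().lstrip("-")))   # leading "-" = no fsync
    return rules


def selector_matches(selectors, facility, severity):
    decision = False
    for fac_set, prio in selectors:
        if fac_set is not None and facility not in fac_set:
            continue                        # selector does not name this facility
        if prio == "none":
            decision = False
        elif prio == "*":
            decision = True
        elif prio.startswith("="):
            decision = severity == SEVERITIES[prio[1:]]
        else:
            decision = severity <= SEVERITIES[prio]   # this priority and more severe
    return decision


def route(line, rules):
    """Return the actions (log files, or '*' for every logged-in user) a message goes to."""
    facility, severity = decode_pri(line)
    return [action for selectors, action in rules
            if selector_matches(selectors, facility, severity)]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for msg in ("<38>Mar  1 08:05:10 host sshd[1234]: Failed password for root from 203.0.113.7 port 4242 ssh2",
                "<0>Mar  1 08:07:00 host kernel: panic",
                "<22>Mar  1 08:08:00 host postfix/smtpd[99]: connect from mail.example"):
        print(decode_pri(msg), route(msg, rules))
```

The auth.none exclusion on the second line is what keeps authentication records out of the general syslog file, so anyone auditing logons knows to read auth.log; rsyslog and syslog-ng still accept this legacy selector syntax alongside their own.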
23.
Log Management Technology
• Log management tool
  – Collects events from log files
  – Processes the data
  – Stores the results
  – Performs notification or alerting as required
• Capabilities of log management technologies
  – Collect and centralize events to comply with industry regulations
  – Retain log information in accordance with company policy
24.
Log Management Technology (cont'd.)
• Capabilities of log management technologies (cont'd.)
  – Normalize log information
  – Correlate events from various sources
  – Provide searching mechanisms
  – Provide reporting mechanisms
• Security information and event management (SIEM)
  – Provides an added level of intelligence
  – Groups events from various technologies, environments, and locations
25.
Log Management Technology (cont'd.)
• Security operations center (SOC)
  – Provides the operational infrastructure to detect attacks
  – Staffed with information security professionals
Figure 10-20 ArcSight ESM dashboard (screenshot, © HP Enterprise Security, ArcSight)
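Normalize, correlate and search are the three capabilities on slide 24 that turn a log collector into a SIEM. The Python below is an added example, not the product in the figure or code from the book: it maps three constructed inputs (a Windows Security event as exported by Event Viewer, a Linux sshd line from /var/log/auth.log and a firewall key=value line) onto one schema, offers a field search, and then correlates across sources to flag a single address failing authentication on several hosts. The syslog line carries no year, so the year is an assumption the caller passes in; the firewall line format is invented for the example.

```python
"""Normalizing events from several sources into one schema and correlating
them (added example, not from the text). The three inputs are constructed: a
Windows Security event as exported by Event Viewer, a Linux sshd line from
/var/log/auth.log, and a firewall key=value line in an invented format. The
syslog line has no year, so the year is an assumption passed in by the caller.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_WINDOWS = [
    {"TimeCreated": "2013-03-01T08:05:10", "Computer": "WIN-FS01", "EventID": 4625,
     "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7"},
    {"TimeCreated": "2013-03-01T08:00:01", "Computer": "WIN-FS01", "EventID": 4624,
     "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
]
SAMPLE_SYSLOG = [
    "Mar  1 08:05:40 lnx-web01 sshd[1234]: Failed password for svc_backup from 203.0.113.7 port 4242 ssh2",
    "Mar  1 08:20:00 lnx-web01 sshd[1300]: Accepted publickey for deploy from 10.0.0.5 port 5000 ssh2",
]
SAMPLE_FIREWALL = [
    "2013-03-01T08:06:05 fw01 action=deny src=203.0.113.7 dst=10.0.0.20 dport=3389 proto=tcp",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def normalize_windows(rec):
    action = {4624: "auth_success", 4625: "auth_fail"}.get(rec["EventID"])
    if action is None:
        return None                                  # event type not mapped
    return {"ts": datetime.fromisoformat(rec["TimeCreated"]), "source": "windows_security",
            "host": rec["Computer"], "user": rec["TargetUserName"],
            "src_ip": rec["IpAddress"], "action": action}


def normalize_sshd(line, year):
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "linux_sshd", "host": m["host"], "user": m["user"],
            "src_ip": m["ip"], "action": "auth_fail" if m["result"] == "Failed" else "auth_success"}


def normalize_firewall(line):
    ts, host, rest = line.split(" ", 2)
    kv = dict(p.split("=", 1) for p in rest.split())
    return {"ts": datetime.fromisoformat(ts), "source": "firewall", "host": host, "user": None,
            "src_ip": kv["src"], "action": kv["action"], "dst": kv["dst"], "dport": int(kv["dport"])}


def normalize_all(windows, syslog, firewall, year=2013):
    events = [normalize_windows(r) for r in windows]
    events += [normalize_sshd(l, year) for l in syslog]
    events += [normalize_firewall(l) for l in firewall]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def search(events, **criteria):
    """Exact-match search on normalized fields, e.g. search(events, user='svc_backup')."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def correlate(events, window=timedelta(minutes=10), min_hosts=2):
    """Alert on a source IP failing authentication on several hosts within the window."""
    fails = defaultdict(list)
    for e in events:
        if e["action"] == "auth_fail":
            fails[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in fails.items():
        last = evs[-1]["ts"]
        recent = [e for e in evs if last - e["ts"] <= window]
        hosts = sorted({e["host"] for e in recent})
        if len(hosts) >= min_hosts:
            alerts.append({"src_ip": ip, "hosts": hosts,
                           "sources": sorted({e["source"] for e in recent}),
                           "blocked": bool(search(events, source="firewall", src_ip=ip, action="deny"))})
    return alerts


if __name__ == "__main__":
    evs = normalize_all(SAMPLE_WINDOWS, SAMPLE_SYSLOG, SAMPLE_FIREWALL)
    for e in evs:
        print(e["ts"], e["source"], e["host"], e["action"], e["src_ip"])
    print(correlate(evs))
```

The value of normalization is visible in correlate(): it never looks at which product produced an event, only at the shared fields, so a fourth source needs one more normalize_* function and no change to the rule.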
26.
Configuration and Change Management (CCM)
• Purpose: manage the effects of changes on an information system or network
• Configuration management
  – Identification, inventory, and documentation of current system status
• Change management
  – Addresses modifications to the base configuration
27.
Configuration Management
• Configuration item
  – Hardware or software item to be modified and revised throughout its life cycle
• Version
  – Recorded state of a revision of a software or hardware configuration item
  – Format often used: M.N.b
    • M: major release
    • N: minor release
    • b: build within that release
28.
Configuration Management (cont'd.)
• Major release
  – Significant revision from the previous state
• Minor release
  – Update or patch
  – Minor revision from the previous state
• Build
  – Snapshot of software linked from various component modules
• Build list
  – List of component versions that make up the build
29.
Configuration Management (cont'd.)
• Configuration
  – Collection of components that make up a configuration item
• Revision date
  – Date of a particular version or build
• Software library
  – Collection of configuration items
  – Usually access-controlled
  – Developers use it to construct revisions
30.
Figure 10-21 Configuration management process (© Cengage Learning 2013)
31.
Change Management
• Seeks to prevent changes that adversely affect system security
• Reduces risk by providing a repeatable mechanism for modifications in a controlled environment
• The change management process identifies the steps required
• Objectives of the step-by-step procedure
  – Identifying, processing, tracking, and documenting changes
32.
Change Management (cont'd.)
• Step 1: identify change
  – Define the need for the change
  – Submit a change request to the appropriate decision-making body
• Step 2: evaluate change request
  – Factors: viability, correctness, cost, feasibility, and impact on security
• Step 3: implementation decision
  – Approve, deny, or defer
33.
Change Management (cont'd.)
• Step 4: implement approved change request
  – Move the change from the test environment into production
• Step 5: continuous monitoring
  – Purpose: ensure the system is operating as intended
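Step 5, continuous monitoring, is where configuration management (slides 26 to 29) and the change process (slides 31 to 33) meet: the recorded baseline of configuration items and versions is compared with what is actually running, and every difference is checked against the change requests that went through steps 1 to 3. The Python below is an added example of that check, not code from the book: versions use the M.N.b form the slides describe, the revision kind is classified as major, minor or build, and only an approved request for that item and target version makes a difference authorized. The baseline, inventory and change requests are constructed.

```python
"""Configuration baseline and change-control drift check (added example).

Configuration items are recorded as name -> version in the M.N.b form the
slides describe. A current inventory is compared with the recorded baseline,
and every difference is matched against the change requests that went through
the identify / evaluate / decide steps. Only an approved request for that item
and target version makes a difference authorized. All data is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Version:
    major: int
    minor: int
    build: int


def parse_version(s):
    parts = s.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"version {s!r} is not in M.N.b form")
    return Version(*map(int, parts))


def classify(old, new):
    """Kind of revision between two versions: major, minor, build, none, or rollback."""
    if new == old:
        return "none"
    if new < old:
        return "rollback"
    if new.major != old.major:
        return "major"
    if new.minor != old.minor:
        return "minor"
    return "build"


# Constructed baseline (last accredited state), current inventory, and change log
BASELINE = {"openssl": "1.0.1", "nginx": "1.2.9", "app-api": "3.4.120", "sudo": "1.8.5"}
CURRENT = {"openssl": "1.0.2", "nginx": "1.4.0", "app-api": "3.4.120", "netcat": "1.10.0"}
CHANGE_REQUESTS = [
    {"id": "CR-101", "item": "openssl", "to": "1.0.2", "decision": "approved"},
    {"id": "CR-102", "item": "nginx", "to": "1.4.0", "decision": "deferred"},
]


def drift_report(baseline, current, change_requests):
    """Return one finding per configuration item whose state differs from the baseline."""
    approved = {(cr["item"], cr["to"]): cr["id"]
                for cr in change_requests if cr["decision"] == "approved"}
    findings = []
    for item in sorted(set(baseline) | set(current)):
        old, new = baseline.get(item), current.get(item)
        if old == new:
            continue
        if new is None:
            kind = "removed"            # item disappeared from the inventory
        elif old is None:
            kind = "added"              # item never recorded in the baseline
        else:
            kind = classify(parse_version(old), parse_version(new))
        status = "approved" if (item, new) in approved else "unapproved"
        findings.append({"item": item, "baseline": old, "current": new, "kind": kind,
                         "status": status, "change_request": approved.get((item, new))})
    return findings


if __name__ == "__main__":
    for f in drift_report(BASELINE, CURRENT, CHANGE_REQUESTS):
        print(f"{f['item']:10s} {str(f['baseline']):8s} -> {str(f['current']):8s} "
              f"{f['kind']:8s} {f['status']} {f['change_request'] or ''}")
```

A deferred request (CR-102) is deliberately treated like no request at all: until step 3 produces an approval, the nginx upgrade is drift, however sensible it may be. The unexpected netcat binary and the missing sudo package are the findings a reviewer would chase first, since neither has any request behind it.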
34.
Auditing (Formal Review)
• Auditing must be performed by well-qualified individuals
• Generally Accepted Auditing Standards (GAAS)
  – General standards
  – Standards of field work
  – Reporting standards
35.
IT Auditing
• Information Systems Audit and Control Association (ISACA)
  – Has published comprehensive standards and guidelines
• Certified Information Systems Auditor (CISA) requirements
  – Five years of work experience
  – Pass an exam covering five job-practice domain areas
• Audit approach
  – Phase 1: initiation and planning
    • Engagement letter specifies the service agreement between the auditing team and the requesting entity
36.
IT Auditing (cont'd.)
• Audit approach (cont'd.)
  – Phase 2: fieldwork
    • On-site visit
    • Target organization must support the auditors
  – Phase 3: analysis and review
    • Detailed analysis of site visit findings
    • Includes statistical analysis
  – Phase 4: final reporting
    • Formal report to the requesting entity
  – Phase 5: follow-up
    • Focuses on areas identified as deficient
37.
Systems Certification, Accreditation, and Authorization
• Accreditation
  – The official management decision that authorizes an IT system to process, store, or transmit information
• Certification
  – Comprehensive evaluation of the security controls of an IT system
  – Supports the accreditation process
  – Determines to what extent the implementation meets the specified security requirements
• Reaccreditation and recertification are required every few years
38.
Auditing for Government and Classified Information Systems
• Categories of information processed by the federal government
  – National security information (NSI)
  – Non-NSI
  – Intelligence community
• The categories are managed and operated by different government entities
• NSI must be processed on national security systems (NSSs)
  – More stringent requirements than non-NSS systems
39.
Figure 10-22 Three-tiered approach to risk management (© Cengage Learning 2013)
40.
Figure 10-23 Risk management framework (© Cengage Learning 2013)
41.
Auditing and the ISO 27000 Series
• ISO/IEC 17799
  – Most widely recognized audit standard
  – Revised in 2005
  – Renamed ISO/IEC 27002 in 2007
  – Details are available to those who purchase the standard
42.
Auditing and the ISO 27000 Series (cont'd.)
• ISO/IEC 27002 coverage areas
  – Risk assessment and treatment
  – Security policy
  – Organization of information security
  – Asset management
  – Human resources security
  – Physical and environmental security
  – Communications and operations management
  – Access control
43.
Auditing and the ISO 27000 Series (cont'd.)
• ISO/IEC 27002 coverage areas (cont'd.)
  – Information systems acquisition, development, and maintenance
  – Information security incident management
  – Business continuity management
  – Compliance
• ISO/IEC 27001
  – Specifies the requirements for establishing and operating an information security management system (ISMS)
  – The 2005 edition is structured around the "Plan-Do-Check-Act" cycle
44.
Figure 10-24 Setting up an information security management system (© Cengage Learning 2013)
45.
Auditing and COBIT
• Control Objectives for Information and Related Technology (COBIT)
  – Provides advice about the implementation of sound information security controls
  – Planning tool for information security
  – Auditing framework and controls model
• COBIT presents 34 high-level objectives
  – The objectives cover more than 200 control objectives
  – Categorized into four domains
46.
Auditing and COBIT (cont'd.)
• COBIT domains
  – Plan and organize
  – Acquire and implement
  – Deliver and support
  – Monitor and evaluate
47.
Summary
• Auditing definitions
  – Ongoing review of a system's functional data to evaluate proper operation
  – Periodic self-review of the network environment to evaluate it against policy requirements
• Computer or device log
  – Provides detailed chronological records of the use and modification of the system
• Log management includes storage, retention, baselining, encryption, and disposal
48.
Summary (cont'd.)
• Log management solutions aid in working with system logs
  – Capabilities: collect and process events, store and analyze results, and notify as required
• Configuration and change management (CCM) controls the effects of revisions on networks and information systems
• ISO/IEC 27000 series of standards
  – The most widely recognized model for security assessment and practice