Copyright 2001 Marchany, SANS Institute. Auditing Networks, Perimeters and Systems: Appendices/Supplemental Material. The SANS Institute.



APPENDIX 1
The following matrices are examples of your matrix reports:
– Exhibit A (ASSET Matrix)
– Exhibit B (ASSET WEIGHT Matrix)
– Exhibit C (RISKS Matrix)
– Exhibit D (RISK WEIGHT Matrix)
– Exhibit E (ASSET-RISK Matrix)
– Exhibit F (CONTROLS Matrix)

APPENDIX 2
The following spreadsheets are the compliance reports:
– Overall Compliance Report: lists the general vulnerabilities a system has. This is a quick one-page report for management or the auditors.
– Asset/Risk Matrix: lists whether a system is affected by a risk. The risks are more specific.
– Controls Matrix: lists what controls are in place for a given system.
– Individual Action Matrix: lists the details of an audit for each node. Did the system comply?

APPENDIX 3
– The following checklist gives the detailed commands to be performed in the “audit”.
– The categories are based on the Risk Matrices in Appendix 1.
– The results of the checklist commands are inserted in the Compliance matrices of Appendix 2.
– This checklist and the matrices form the overall audit/security checklist package.

APPENDIX 4
– Your company’s response policy will dictate the degree of audit record keeping you’ll have to maintain.
– There are 2 strategies:
  – Protect and Proceed
  – Pursue and Prosecute

Incident Handling: Protect and Proceed?
- Which strategy should your organization follow to handle an incident? This dictates the level of record keeping needed to fulfill the strategy. (RFC 2196)
- the protection and preservation of site facilities
- return to normal operations as soon as possible
- actively interfere with intruder attempts
- begin immediate damage assessment and recovery
Use if:
- assets are not well protected
- continued penetration could result in financial risk
- possibility or willingness to prosecute is not present
- user community is unknown
- unsophisticated users and their work is vulnerable
- the site is vulnerable to lawsuits from users if their resources are undermined

Incident Handling: Pursue and Prosecute?
- allow intruders to continue their activity until the site can identify them. This is recommended by law enforcement agencies
Use if:
- system assets are well protected
- good backups are available
- asset risks are outweighed by risk of future penetrations
- it's a concentrated and frequent attack
- the site has a natural attraction to intruders, e.g. university, bank
- the site is willing to spend the money and risk to catch the guy
- intruder access can be controlled
- well-developed monitoring tools are available
- you have a technically competent support staff
- management is willing to prosecute
- system administrators know in general what evidence will aid in prosecution
- there is established contact with law enforcement agencies
- the site has involved their legal staff

Appendix 5 – CIS Rulers
– The current CIS rulers are included here. A sample Solaris Level 1 ruler is included.
– The NT rulers are incomplete at this date (3/6/01) but should be available in the summer.
– The VT AD ROE is available at

Appendix 6 – AUP Example
– This appendix contains the VA Tech Acceptable Use Policy and the Acceptable Use Guidelines.

References
– “Time Based Security”, Winn Schwartau, Interpact Press, 1999, ISBN: (The discussion on TBS was derived from this text.)
– “Firewalls and Internet Security”, Cheswick & Bellovin, Addison-Wesley, 1994, ISBN:
– RFC 2196, Guide to Writing a Site Security Policy

References
– The complete Top 10 document can be found in the appendix.
– Some WWW sites to visit:

Course Revision History