
Fundamentals of Information Systems Security Chapter 7 Auditing, Testing, and Monitoring

Fundamentals of Information Systems Security Chapter 7 Auditing, Testing, and Monitoring. Learning Objective. Explain the importance of security audits, testing, and monitoring to effective security policy. Key Concepts.

tyrone

Presentation Transcript


  1. Fundamentals of Information Systems Security Chapter 7 Auditing, Testing, and Monitoring

  2. Learning Objective • Explain the importance of security audits, testing, and monitoring to effective security policy.

  3. Key Concepts • The role of an audit in effective security baselining and gap analysis • The importance of monitoring systems throughout the IT infrastructure • Penetration testing and ethical hacking to help mitigate the gaps • Security logs for normal and abnormal traffic patterns and digital signatures • Security countermeasures of auditing, testing, and monitoring test results

  4. DISCOVER: CONCEPTS

  5. The Security Cycle

  6. Purpose of an IT Security Assessment

  7. IT Security Audit Terminology • Verification • Validation • Testing • Evaluation

  8. Purpose of an IT Infrastructure Audit

  9. IT Infrastructure Audit Domains

  10. IT Security Assessment vs. Audit

  11. Ethical Hacking • Seeks to identify and demonstrate exploits for discovered vulnerabilities • Good guys employ technical methods used by the bad guys. • Also called penetration testing • Black, white, or gray box testing

  12. Role of Ethical Hacking • Ethical hackers are white hats experienced in penetration testing and security assessments. • Ethical hacking tests security controls against actual attacks.

  13. DISCOVER: PROCESS

  14. Security Testing

  15. Security Testing

  16. Penetration Testing • Employs testing methodologies depending on the scope of access and information provided by client: • Black box • White box • Gray box

  17. Covert and Overt Testers

  18. DISCOVER: ROLES

  19. Roles in an IT Security Assessment and Audit • Information Systems Security (ISS) officers/managers • Network and systems administrators • Managers/data owners • Auditors • Penetration testers or ethical hackers

  20. DISCOVER: CONTEXTS

  21. Real-Time Monitoring • Host Intrusion Prevention System (HIPS): Monitors individual hosts for suspicious activity • Network Intrusion Prevention System (NIPS): Monitors entire network for suspicious traffic • Wireless Intrusion Prevention System (WIPS): Specifically monitors the wireless network for suspicious traffic

  22. IDS As a Firewall Complement

  23. Basic NIDS

  24. Real-Time Monitoring Functions

  25. Ways to Detect Bad Behavior in Real-Time Monitoring • Attack signatures • Statistical anomalies • Stateful protocol analysis

  26. Real-Time Monitoring Targets

  27. Ingress and Egress

  28. Employing Countermeasures • Monitor security at several layers of the environment: • System logs • Service logs • Application logs • Network logs

  29. Layered Network Devices

  30. Host Isolation

  31. Summary • IT security assessments and audits verify, validate, test, and evaluate the infrastructure. • Penetration testing helps mitigate security gaps. • Security log monitoring reveals normal and abnormal traffic patterns and digital signatures. • System and network monitoring helps prevent attacks and unauthorized access. • Appropriate security countermeasures are determined through auditing, testing, and monitoring test results.
