Security Audit - PowerPoint PPT Presentation

Slides: 16
Provided by: Sri672
Transcript and Presenter's Notes

Title: Security Audit


1
Security Audit
2
Security Audit
  • Controls
  • Security logs
  • Risk assessment

3
Steps in Audit
  • Starts with policies and procedures in place
  • Initially the policy is treated as a threat, and
    the audit focuses on how people and systems
    address the threat
  • Interview employees and administrators
  • Evaluate technical aspects for security
  • Review all data logs

4
What to look for in audit?
  • Are passwords difficult to crack?
  • Are there access control lists (ACLs) in place on
    network devices to control who has access to
    shared data?
  • Are there audit logs to record who accesses data?
  • Are the audit logs reviewed?
  • Are the security settings for operating systems
    in accordance with accepted industry security
    practices?
  • Have all unnecessary applications and computer
    services been eliminated for each system?
  • Are these operating systems and commercial
    applications patched to current levels?
  • How is backup media stored? Who has access to it?
    Is it up-to-date?
  • Is there a disaster recovery plan? Have the
    participants and stakeholders ever rehearsed the
    disaster recovery plan?

5
What to look for in audit?
  • Are there adequate cryptographic tools in place
    to govern data encryption, and have these tools
    been properly configured?
  • Have custom-built applications been written with
    security in mind?
  • How have these custom applications been tested
    for security flaws?
  • How are configuration and code changes documented
    at every level? How are these records reviewed
    and who conducts the review?

6
Why do security audit?
  • Assess compliance aspects of policy
  • Assess risk
  • Assess level of security
  • Evaluate security incident response

7
Items to check in an audit
Source: See references
8
Security Tools
9
Audit components
  • Preparation 10
  • Reviewing Policy/Docs 10
  • Talking/Interviewing 10
  • Technical Investigation 15
  • Reviewing Data 20
  • Writing Up 20
  • Report Presentation 5
  • Post Audit Actions 10
  • Source: Tech Support Alert website (see
    references)

10
Audit Process
  • Security audit team reports directly to CEO or
    the Board of Directors
  • Types of security audits
    • Firewall (every 6 months)
    • Network (every year)

11
Auditors
  • Usually third party companies specializing in
    security audit
  • For internal audit, people with necessary
    security access privileges
  • Technical expertise is a must

12
References
  • Security Audit http://www.porcupine.org/auditing/
  • Security Audit http://www.securityfocus.com/infocus/1697
  • How to perform security audit? http://www.techsupportalert.com/search/t04123.pdf
  • Site Security Handbook. RFC 2196

13
References
  • packetstorm.security.com
  • PacketStorm Security is a very good source of the
    latest security issues.
  • www.rootshell.com
  • Rootshell is another source of security issue
    information. This site hasn't been updated in a
    while; however, the information provided is
    useful.
  • www.l0pht.com
  • L0pht is a Black Hat group that performs
    testing of commonly used tools for security
    issues. L0pht also produces a number of useful
    tools for testing system security.

14
References
  • www.securityfocus.com
  • Bugtraq is a mailing list for the discussion and
    announcement of computer security
    vulnerabilities. Details of how to subscribe,
    and the archive for the mailing list, can be
    found at the above website.
  • www.ntbugtraq.com
  • NTBugtraq is the Windows platform version of the
    Bugtraq mailing list
  • www.ciac.org/ciac
  • CIAC (Computer Incident Advisory Capability)
    provides tools and advisory information.

15
References
  • www.cs.purdue.edu/coast/coast.html
  • COAST (Computer Operations, Audit and Security
    Technology) is a research project into computer
    security at the Computer Sciences Department at
    Purdue University. COAST also boasts a large
    catalog of security and audit-related
    applications in their ftp archive.
  • Security audit http://www.insecure.org/nmap