Lecture 05 - Importance of testing, auditing, and monitoring
Leinylson Fontinele
Slides from the Computer Security lecture
1.
Fundamentals of Information Systems Security
Unit 5
Importance of testing, auditing, and monitoring
© 2012 Jones and Bartlett Learning, LLC www.jblearning.com
2.
Learning Objective
Explain the importance of security audits, testing, and monitoring to effective security policy.
3.
Key Concepts
• Role of an audit in effective security baselining and gap analysis
• Importance of monitoring systems throughout the IT infrastructure
• Penetration testing and ethical hacking to help mitigate gaps
• Security logs for normal and abnormal traffic patterns and digital signatures
• Security countermeasures through auditing, testing, and monitoring test results
4.
DISCOVER: CONCEPTS
5.
Purpose of an IT Security Assessment
• Check effectiveness of security measures.
• Verify access controls.
• Validate established mechanisms.
6.
IT Security Audit Terminology
• Verification
• Validation
• Testing
• Evaluation
7.
Purpose of an IT Infrastructure Audit
• Verify that established controls perform as planned.
• Internal audits examine local security risks and countermeasures.
• External audits explore attacks from outside.
8.
IT Security Assessment vs. Audit
• Security Assessment: Examines systems for established security policies and regulatory compliance
• Security Audit: Identifies what weaknesses exist despite established security controls
9.
Ethical Hacking
• Seeks to identify and demonstrate exploits for discovered vulnerabilities
  • Good guys employ technical methods used by the bad guys.
• Also called penetration testing
• Black, white, or gray box testing
10.
Role of Ethical Hacking
• Ethical hackers are white hats experienced in penetration testing and security assessments.
• Ethical hacking tests security controls against actual attacks.
11.
DISCOVER: PROCESSES
12.
Penetration Testing
• Employs testing methodologies depending on the scope of access and information provided by client:
  • Black box
  • White box
  • Gray box
13.
Penetration Testing: white box
• The developer has access to the application's source code and can write code to link libraries and components.
• The source code is analyzed and test cases are designed to cover all of the program's possibilities.
14.
Penetration Testing: black box
• The test developer has no access at all to the source code.
• The goal is to exercise the various features and verify that the results they produce match what is expected.
15.
Penetration Testing: gray box
• The test developer does not have access to the application's source code but knows the algorithms that were implemented.
• They can manipulate input and output files such as XML, or access the application's database, simply to check data or change parameters considered in the tests.
16.
DISCOVER: ROLES
17.
Roles in an IT Security Assessment and Audit
• Information Systems Security (ISS) officers/managers
• Network and systems administrators
• Managers/data owners
• Auditors
• Penetration testers or ethical hackers
18.
DISCOVER: CONTEXTS
19.
Real-Time Monitoring
• Host Intrusion Prevention System (HIPS): Monitors individual hosts for suspicious activity
• Network Intrusion Prevention System (NIPS): Monitors entire network for suspicious traffic
• Wireless Intrusion Prevention System (WIPS): Specifically monitors the wireless network for suspicious traffic
20.
Real-Time Monitoring Functions
• Respond to incidents as they occur.
• HIPS denies and disrupts a live attack on a system.
• NIPS intercepts and interrupts a live attack on the wire.
21.
Ways to Detect Bad Behavior in Real-Time Monitoring
• Attack signatures
• Statistical anomalies
• Stateful protocol analysis
22.
Real-Time Monitoring Targets
• Authentication failures
• Application crashes
• Service disruptions
• System intrusions
23.
Real-Time Monitoring Targets (Continued)
• Network abuses
• Policy violations
• Unauthorized activities
• Inventory changes
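As an added illustration (not part of the original slides), the Python below applies two of the detection methods listed on slide 21, attack signatures and statistical anomalies, to the authentication-failure target from slide 22. The log layout, sample lines, baseline counts, signature list and function names are all constructed for this example.

```python
"""Added example: signature and statistical-anomaly checks over a log."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed log lines; the "<timestamp> <host> <service>: <message>" layout
# is an assumption of this example, not a format taken from the slides.
SAMPLE_LOG = """\
2024-05-01T09:05:10 srv1 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:17:42 srv1 sshd: Accepted password for alice from 10.0.0.5
2024-05-01T09:40:03 srv1 sshd: Failed password for bob from 10.0.0.9
2024-05-01T10:01:00 srv1 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:01:02 srv1 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:01:04 srv1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:01:06 srv1 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:01:08 srv1 sshd: Failed password for test from 203.0.113.7
2024-05-01T10:01:10 srv1 sshd: Failed password for test from 203.0.113.7
2024-05-01T10:02:30 srv1 httpd: GET /../../etc/passwd 404 from 203.0.113.7
2024-05-01T10:15:00 srv1 sshd: Failed password for carol from 10.0.0.12
this line is malformed and must be skipped
"""

# Constructed baseline: failed logins per hour observed during normal operation.
BASELINE_FAILS_PER_HOUR = [2, 3, 1, 4, 2, 3, 2, 3]

LINE_RE = re.compile(r"^(\S+) (\S+) (\w+): (.*)$")
FAIL_RE = re.compile(r"^Failed password for (\S+) from (\S+)$")

# Attack signatures: name -> pattern matched against the message text.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}


def parse(log_text):
    """Yield (timestamp, service, message) for well-formed lines only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(3), m.group(4)


def signature_hits(log_text):
    """Signature detection: flag any message matching a known-bad pattern."""
    return [(ts, name)
            for ts, _svc, msg in parse(log_text)
            for name, pat in SIGNATURES.items() if pat.search(msg)]


def failures_per_hour(log_text):
    """Count authentication failures per hour bucket ("YYYY-MM-DDTHH")."""
    counts = Counter()
    for ts, _svc, msg in parse(log_text):
        if FAIL_RE.match(msg):
            counts[ts[:13]] += 1
    return counts


def anomalous_hours(log_text, baseline, k=3.0):
    """Statistical anomaly: hours whose count exceeds mean + k * stddev."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = failures_per_hour(log_text)
    return sorted(hour for hour, n in counts.items() if n > threshold)


def sources_in_hour(log_text, hour):
    """Rank source addresses by failure count within one flagged hour."""
    counts = Counter()
    for ts, _svc, msg in parse(log_text):
        m = FAIL_RE.match(msg)
        if m and ts.startswith(hour):
            counts[m.group(2)] += 1
    return counts.most_common()


if __name__ == "__main__":
    print("signature hits:", signature_hits(SAMPLE_LOG))
    for hour in anomalous_hours(SAMPLE_LOG, BASELINE_FAILS_PER_HOUR):
        print("anomalous hour:", hour, sources_in_hour(SAMPLE_LOG, hour))
```

The signature check only finds what it already has a pattern for, while the anomaly check depends entirely on how representative the baseline is; running both over the same log shows why the slides list them as separate methods.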
24.
Ingress and Egress Firewalls Intrusion detection system (IDS) Intrusion prevention system (IPS)
26.
Attack on a protected internal network
27.
Employing Countermeasures
• Monitor security at several layers of the environment:
  • System logs
  • Service logs
  • Application logs
  • Network logs
28.
Summary
• IT security assessments and audits verify, validate, test, and evaluate the infrastructure.
• Penetration testing helps mitigate security gaps.
• Security log monitoring reveals normal and abnormal traffic patterns and digital signatures.
• System and network monitoring helps prevent attacks and unauthorized access.
• Appropriate security countermeasures are determined through auditing, testing, and monitoring test results.