LV
Uploaded byLeo Mark Villar
PPTX, PDF1,089 views

Data security auditing and accountability

This document discusses auditing and accountability in information security. It explains that accountability provides the means to trace activities back to their source through identification, authentication, and access controls. This deters misuse and allows for non-repudiation. The document outlines how auditing, logging, monitoring, and assessments support accountability and security by detecting anomalies and vulnerabilities.

Embed presentation

Downloaded 59 times
AUDITING AND ACCOUNTABILITY
THE NEED FOR ACCOUNTABILITY Even though we allowed a party to access a resource, we need to ensure that they behave in accordance with rules set.
DATA SECURITY identification Authentication Authorization Control Accountability
ACCOUNTABILITY • Provides the means to trace activities in our environment back to their source. • Depends on identification, authentication, and access control being present so that one can know who a given transaction is associated with and what permissions were used to allow them to carry it out. • Providing sufficient controls in place to deter or prevent those that would break the rules and abuse the resources they have access to
SECURITY BENEFITS OF ACCOUNTABILITY • NONREPUDIATION • Refers to a situation in which sufficient evidence exists to prevent an individual from successfully denying that he or she has made a statement, or taken an action. • Example : system or network logs
SECURITY BENEFITS OF ACCOUNTABILITY • DETERRENCE • If those monitored are aware that they are monitored and has been communicated to them that there will be penalties for acting against the rules, these individuals may think twice before straying outside the lines.
SECURITY BENEFITS OF ACCOUNTABILITY • INTRUSION DETECTION AND PREVENTION • example implementation of alerts based on unusual activities in our environment and check information we have logged on a regular basis
SECURITY BENEFITS OF ACCOUNTABILITY • ADMISSIBILITY OF RECORDS • It is often much easier to prove admissibility when records are produced from a regulated and consistent tracking system. This means the organization can provide a solid and documented chain of custody for said evidence such as showing where evidence was at all times, how exactly it passed from one person to another, how it was protected while it was stored and so on.
AUDITING • A methodological examination and review of resources • Provides with data which can be implemented for accountability
WHAT DO WE AUDIT • Password • Policies must be implemented to dictate how passwords are constructed and use • Software Licensing • Systems owned by the organization that all software used is appropriately licensed • Internet Usage • Use of instant messaging, e-mails, file transfers, or other transactions
LOGGING • Gives history of the activities that have taken place in the environment being logged. • Logging mechanisms can be setup to log anything from solely critical events to every action carried out by the system or software such as : • Software error logs • Hardware failures • Users logging in and out • Resource access • Tasks requiring increased privileges in most logs
LOGGING • Available to administrators for review and are usually not modifiable by the users of the system. • Logs must be regularly reviewed in order to catch anything unusual in their contents. • Logs may be asked to be analyze in relation to a particular incident or situation
MONITORING • Subset of auditing and tends to focus on observing about the environment being monitored in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends that might signal the arrival of such conditions.
MONITORING • Typically watching specific items of data collected such as : • Resource usage on computers • Network latency • Attacks occurring repeatedly against servers with network interfaces exposed to the Internet • Traffic passing through physical access controls at unusual times of day • CLIPPING LEVEL – activities are occurring levels above what is normally expected
ASSESSMENTS • A more active route of determining whether everything is as it should be and compliant with relevant laws, regulations, policies by examining the environment for vulnerabilities. • APPROACHES • Vulnerability Assessment • Penetration Testing
VULNERABILITY ASSESSMENT • Involves use of vulnerability scanning tools in order to locate a vulnerability. • NESSUS • Vulnerability scanning tool checking target systems to discover which ports are open and then interrogating each open port to find out exactly which service is listening on the port in question. • With the information collected, it checks its database of vulnerability information to determine whether any vulnerability may be presernt.
PENETRATION TESTING • Mimicking the techniques an actual attacker may use to penetrate a system.

More Related Content

PPTX
Cia security model
byImran Ahmed
 
PPTX
Intruders
byALOK KUMAR
 
PPTX
Ntfs and computer forensics
byGaurav Ragtah
 
PDF
Malicious software
byDr.Florence Dayana
 
PPT
Intruders
bytechn
 
PDF
Intruders
byDr.Florence Dayana
 
PDF
Access Control Presentation
byWajahat Rajab
 
PPT
Security models
byLJ PROJECTS
 
Cia security model
byImran Ahmed
 
Intruders
byALOK KUMAR
 
Ntfs and computer forensics
byGaurav Ragtah
 
Malicious software
byDr.Florence Dayana
 
Intruders
bytechn
 
Intruders
byDr.Florence Dayana
 
Access Control Presentation
byWajahat Rajab
 
Security models
byLJ PROJECTS
 

What's hot

PPTX
Network security
byhajra azam
 
PDF
OPERATING SYSTEM SECURITY
byRohitK71
 
PDF
Types of Threat Actors and Attack Vectors
byLearningwithRayYT
 
PPTX
Cyber Security Best Practices
byEvolve IP
 
PPTX
Firewall Design and Implementation
byajeet singh
 
PPTX
Operating system security
byRamesh Ogania
 
PPTX
Threats to information security
byswapneel07
 
PPTX
06. security concept
byMuhammad Ahad
 
PPTX
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
byDheeraj Kataria
 
PDF
Data security and Integrity
byZaid Shabbir
 
PPTX
Operating System Security
byRamesh Upadhaya
 
PPT
intrusion detection system (IDS)
byAj Maurya
 
PPTX
CISSP - Chapter 3 - System security architecture
byKarthikeyan Dhayalan
 
PPT
IT Security management and risk assessment
byCAS
 
PPTX
Introduction to Snort
byHossein Yavari
 
PPTX
Database security
byBirju Tank
 
PDF
Access_Control_Systems_and_methodology
byArti Ambokar
 
PPT
17. Recovery System in DBMS
bykoolkampus
 
PDF
Introduction to security
byMukesh Chinta
 
PPTX
Network security
byEstiak Khan
 
Network security
byhajra azam
 
OPERATING SYSTEM SECURITY
byRohitK71
 
Types of Threat Actors and Attack Vectors
byLearningwithRayYT
 
Cyber Security Best Practices
byEvolve IP
 
Firewall Design and Implementation
byajeet singh
 
Operating system security
byRamesh Ogania
 
Threats to information security
byswapneel07
 
06. security concept
byMuhammad Ahad
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
byDheeraj Kataria
 
Data security and Integrity
byZaid Shabbir
 
Operating System Security
byRamesh Upadhaya
 
intrusion detection system (IDS)
byAj Maurya
 
CISSP - Chapter 3 - System security architecture
byKarthikeyan Dhayalan
 
IT Security management and risk assessment
byCAS
 
Introduction to Snort
byHossein Yavari
 
Database security
byBirju Tank
 
Access_Control_Systems_and_methodology
byArti Ambokar
 
17. Recovery System in DBMS
bykoolkampus
 
Introduction to security
byMukesh Chinta
 
Network security
byEstiak Khan
 

Viewers also liked

PDF
HIPAA
byChristopher Laboy
 
DOCX
Gangsters
byLolJokes
 
PDF
Dan Armstrong, Mobile Monday Amsterdam
byDan Armstrong
 
PPT
Etxeko Sentimenduak
byasier valiente
 
PDF
Práctica nº1
bybego-uca
 
PDF
Inmobigrama.com
byfloweryjailer7279
 
DOCX
Mahou shoujo madoka magica op lyrics
bySwamperd
 
PDF
Gooru Live, cómo tener un canal de Tv
byMarcial Cuquerella
 
PDF
Situation financière de l'Assurance chômage : Prévision pour l'année 2015
byUnédic
 
DOC
Internet no tiene limites
bydiego2777
 
DOC
20 25 marzo '12 actividades
byMari Carmen Timor
 
PDF
7 Xu Huong Tiep Thi nam 2016
byGetfly CRM
 
PDF
Bhoomi acropolis
bySquare Yards
 
PPT
NMB mobile Launch
byDan Armstrong
 
PPTX
What Your House Number Means
bySquare Yards
 
PPTX
Puedo ayudar a los demas (iv unidad) segundo
byLuis Miguel Galiano Velasquez
 
PDF
1.4 open hardware
byJose Antonio Vacas
 
PPTX
Sistemas operativos en red
byJomicast
 
PPT
Electrónica Analógica 4º eso
byKoldo Parra
 
PPTX
Sesion 12 proactividad
byLNolbert
 
HIPAA
byChristopher Laboy
 
Gangsters
byLolJokes
 
Dan Armstrong, Mobile Monday Amsterdam
byDan Armstrong
 
Etxeko Sentimenduak
byasier valiente
 
Práctica nº1
bybego-uca
 
Inmobigrama.com
byfloweryjailer7279
 
Mahou shoujo madoka magica op lyrics
bySwamperd
 
Gooru Live, cómo tener un canal de Tv
byMarcial Cuquerella
 
Situation financière de l'Assurance chômage : Prévision pour l'année 2015
byUnédic
 
Internet no tiene limites
bydiego2777
 
20 25 marzo '12 actividades
byMari Carmen Timor
 
7 Xu Huong Tiep Thi nam 2016
byGetfly CRM
 
Bhoomi acropolis
bySquare Yards
 
NMB mobile Launch
byDan Armstrong
 
What Your House Number Means
bySquare Yards
 
Puedo ayudar a los demas (iv unidad) segundo
byLuis Miguel Galiano Velasquez
 
1.4 open hardware
byJose Antonio Vacas
 
Sistemas operativos en red
byJomicast
 
Electrónica Analógica 4º eso
byKoldo Parra
 
Sesion 12 proactividad
byLNolbert
 

Similar to Data security auditing and accountability

PPTX
TOTLEKELIvxcvxdfsdfsdfsdfsdfqqefewrwerwervesfdfsdfefsdsfds
bysrizvi9
 
PPTX
Audit presentation
byMetafrique group
 
PDF
Steps in it audit
bykinjalmkothari92
 
PPTX
Logs in Security and Compliance flare
byzilberberg
 
PPTX
Cyber Security Audit and Information Security.pptx
byalamba570
 
PPTX
Logging, monitoring and auditing
byPiyush Jain
 
PDF
It Security Audit Process
byRam Srivastava
 
PPT
Information Security
byDhilsath Fathima
 
PDF
CISA-Exam-Prep-Domain-5-2019.pdf. CISA exam
bygregtap1
 
PPTX
Unit-I-Elements.pptx ELEMENTS FOR CRYPTOGRAPHY
byNirmalapriyadharshin
 
PPS
Auditing
byPardhasaradhi ch
 
KEY
Mis
bymisecho
 
PPTX
CISSP - Security Assessment
byKarthikeyan Dhayalan
 
PPT
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
byabhichowdary16
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
PDF
2020 Updated Cisa Real Exam Questions
bydouglascarnicelli
 
PDF
CIO IT Audit Survival TNS07
byThomas Danford
 
PPTX
MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx
bypavanscholar123
 
PPTX
20100224 Presentation at RGIT Mumbai - Information Security Awareness
byDinesh O Bareja
 
PDF
C RITICAL A SSESSMENT OF A UDITING C ONTRIBUTIONS T O E FFECTIVE AND E FF...
bycsandit
 
TOTLEKELIvxcvxdfsdfsdfsdfsdfqqefewrwerwervesfdfsdfefsdsfds
bysrizvi9
 
Audit presentation
byMetafrique group
 
Steps in it audit
bykinjalmkothari92
 
Logs in Security and Compliance flare
byzilberberg
 
Cyber Security Audit and Information Security.pptx
byalamba570
 
Logging, monitoring and auditing
byPiyush Jain
 
It Security Audit Process
byRam Srivastava
 
Information Security
byDhilsath Fathima
 
CISA-Exam-Prep-Domain-5-2019.pdf. CISA exam
bygregtap1
 
Unit-I-Elements.pptx ELEMENTS FOR CRYPTOGRAPHY
byNirmalapriyadharshin
 
Auditing
byPardhasaradhi ch
 
Mis
bymisecho
 
CISSP - Security Assessment
byKarthikeyan Dhayalan
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
byabhichowdary16
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
2020 Updated Cisa Real Exam Questions
bydouglascarnicelli
 
CIO IT Audit Survival TNS07
byThomas Danford
 
MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx
bypavanscholar123
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
byDinesh O Bareja
 
C RITICAL A SSESSMENT OF A UDITING C ONTRIBUTIONS T O E FFECTIVE AND E FF...
bycsandit
 

More from Leo Mark Villar

PPTX
Date security identifcation and authentication
byLeo Mark Villar
 
PPTX
Date security security principles
byLeo Mark Villar
 
PPTX
Data security authorization and access control
byLeo Mark Villar
 
PPTX
Date security introduction
byLeo Mark Villar
 
PPTX
Web programming
byLeo Mark Villar
 
PPTX
Computer fundamentals-internet p2
byLeo Mark Villar
 
PPTX
Computer fundamentals-internet p1
byLeo Mark Villar
 
PPTX
Html
byLeo Mark Villar
 
PPTX
Team foundation server
byLeo Mark Villar
 
PPTX
Microsoft office 2013
byLeo Mark Villar
 
PPTX
Sql performance tuning
byLeo Mark Villar
 
PPTX
Angular js
byLeo Mark Villar
 
Date security identifcation and authentication
byLeo Mark Villar
 
Date security security principles
byLeo Mark Villar
 
Data security authorization and access control
byLeo Mark Villar
 
Date security introduction
byLeo Mark Villar
 
Web programming
byLeo Mark Villar
 
Computer fundamentals-internet p2
byLeo Mark Villar
 
Computer fundamentals-internet p1
byLeo Mark Villar
 
Html
byLeo Mark Villar
 
Team foundation server
byLeo Mark Villar
 
Microsoft office 2013
byLeo Mark Villar
 
Sql performance tuning
byLeo Mark Villar
 
Angular js
byLeo Mark Villar
 

Recently uploaded

PDF
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PPT
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
Saga: The new era of transactions in a microservices architecture
byGiovanni Marigi
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 

Data security auditing and accountability

  • 1.
  • 2.
    THE NEED FORACCOUNTABILITY Even though we allowed a party to access a resource, we need to ensure that they behave in accordance with rules set.
  • 3.
  • 4.
    ACCOUNTABILITY • Provides themeans to trace activities in our environment back to their source. • Depends on identification, authentication, and access control being present so that one can know who a given transaction is associated with and what permissions were used to allow them to carry it out. • Providing sufficient controls in place to deter or prevent those that would break the rules and abuse the resources they have access to
  • 5.
    SECURITY BENEFITS OF ACCOUNTABILITY •NONREPUDIATION • Refers to a situation in which sufficient evidence exists to prevent an individual from successfully denying that he or she has made a statement, or taken an action. • Example : system or network logs
  • 6.
    SECURITY BENEFITS OF ACCOUNTABILITY •DETERRENCE • If those monitored are aware that they are monitored and has been communicated to them that there will be penalties for acting against the rules, these individuals may think twice before straying outside the lines.
  • 7.
    SECURITY BENEFITS OF ACCOUNTABILITY •INTRUSION DETECTION AND PREVENTION • example implementation of alerts based on unusual activities in our environment and check information we have logged on a regular basis
  • 8.
    SECURITY BENEFITS OF ACCOUNTABILITY •ADMISSIBILITY OF RECORDS • It is often much easier to prove admissibility when records are produced from a regulated and consistent tracking system. This means the organization can provide a solid and documented chain of custody for said evidence such as showing where evidence was at all times, how exactly it passed from one person to another, how it was protected while it was stored and so on.
  • 9.
    AUDITING • A methodologicalexamination and review of resources • Provides with data which can be implemented for accountability
  • 10.
    WHAT DO WEAUDIT • Password • Policies must be implemented to dictate how passwords are constructed and use • Software Licensing • Systems owned by the organization that all software used is appropriately licensed • Internet Usage • Use of instant messaging, e-mails, file transfers, or other transactions
  • 11.
    LOGGING • Gives historyof the activities that have taken place in the environment being logged. • Logging mechanisms can be setup to log anything from solely critical events to every action carried out by the system or software such as : • Software error logs • Hardware failures • Users logging in and out • Resource access • Tasks requiring increased privileges in most logs
  • 12.
    LOGGING • Available toadministrators for review and are usually not modifiable by the users of the system. • Logs must be regularly reviewed in order to catch anything unusual in their contents. • Logs may be asked to be analyze in relation to a particular incident or situation
  • 13.
    MONITORING • Subset ofauditing and tends to focus on observing about the environment being monitored in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends that might signal the arrival of such conditions.
  • 14.
    MONITORING • Typically watchingspecific items of data collected such as : • Resource usage on computers • Network latency • Attacks occurring repeatedly against servers with network interfaces exposed to the Internet • Traffic passing through physical access controls at unusual times of day • CLIPPING LEVEL – activities are occurring levels above what is normally expected
  • 15.
    ASSESSMENTS • A moreactive route of determining whether everything is as it should be and compliant with relevant laws, regulations, policies by examining the environment for vulnerabilities. • APPROACHES • Vulnerability Assessment • Penetration Testing
  • 16.
    VULNERABILITY ASSESSMENT • Involvesuse of vulnerability scanning tools in order to locate a vulnerability. • NESSUS • Vulnerability scanning tool checking target systems to discover which ports are open and then interrogating each open port to find out exactly which service is listening on the port in question. • With the information collected, it checks its database of vulnerability information to determine whether any vulnerability may be presernt.
  • 17.
    PENETRATION TESTING • Mimickingthe techniques an actual attacker may use to penetrate a system.