Logging, Monitoring and Auditing
What is a security audit?

A security audit is a comprehensive assessment of your organization’s information system; typically, this assessment measures your information system’s security against an audit checklist of industry best practices, externally established standards, or federal regulations. A comprehensive security audit will assess an organization’s security controls relating to the following:

● physical components of your information system and the environment in which the information system is housed;
● applications and software, including security patches your systems administrators have already implemented;
● network vulnerabilities, including evaluations of information as it travels between different points within, and outside of, your organization’s network;
● the human dimension, including how employees collect, share, and store highly sensitive information.
How Does a Security Audit Work?

A security audit works by testing whether your organization’s information system is adhering to a set of internal or external criteria regulating data security.

Internal criteria include your company’s IT policies, procedures, and security controls. External criteria include federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Cyber Audit India, and standards set by the International Organization for Standardization (ISO) or the National Cyber Safety and Security Standards.

A security audit compares your organization’s actual IT practices with the standards relevant to your enterprise, and will identify areas for remediation and growth.
What Is the Main Purpose of a Security Audit?

A security audit will provide a roadmap of your organization’s main information security weaknesses and identify where it is meeting the criteria the organization has set out to follow and where it isn’t.

Security audits are crucial to developing risk assessment plans and mitigation strategies for organizations that deal with individuals’ sensitive and confidential data.
What is Security Auditing in Cybersecurity?

A security audit in cybersecurity will ensure that there is adequate protection for your organization’s networks, devices, and data from leaks, data breaches, and criminal interference.

Security audits are one of three primary types of cybersecurity assessment strategies; the other two are penetration testing and vulnerability assessment, both of which involve running real-time tests on the strength of firewalls, malware defenses, passwords, and data protection measures.
What Does a Security Audit Consist of?

A security audit consists of a complete assessment of all components of your IT infrastructure: operating systems, servers, digital communication and sharing tools, applications, data storage and collection processes, and more. There are a few common components/steps:

1. Select Security Audit Criteria
2. Assess Staff Training
3. Monitor Network Logs
4. Identify Vulnerabilities
5. Implement Protections
Steps of Security Audit

1. Select Security Audit Criteria
Determine which external criteria you want or need to meet, and use these to develop your list of security features to analyze and test. Also keep a record of your organization’s internal policies, in case your IT team anticipates cybersecurity concerns that external criteria may not cover.

2. Assess Staff Training
The more people who have access to highly sensitive data, the greater the chance of human error. Make sure there is a record of which staff members have access to sensitive information and which employees have been trained in cybersecurity risk management or compliance practices. Plan to train those who still require training.

3. Monitor Network Logs
Monitor network activity and event logs. Keeping close track of logs will help to ensure that only employees with the proper permissions are accessing restricted data, and that those employees are following the proper security measures.

4. Identify Vulnerabilities
Before conducting a penetration test or vulnerability assessment, your security audit should uncover some of your most glaring vulnerabilities, like whether a security patch is outdated or employee passwords haven’t been changed in over a year. Regular security audits make penetration tests and vulnerability assessments more efficient and effective.
5. Implement Protections
Once you have reviewed the organization’s vulnerabilities and ensured that staff are trained and following the proper protocol, make sure the organization is employing internal controls to prevent fraud, such as limiting users’ access to sensitive data. Check that wireless networks are secure, encryption tools are up to date, and that the proper anti-virus software has been installed and updated across the entire network.
Why Do Companies Need Security Audits?

Companies need regular security audits:
● To make sure they are properly protecting their clients’ private information, complying with federal regulations, and avoiding liability and costly fines.
● To avoid penalties: companies need to keep up with ever-changing federal regulations like HIPAA and CAI.
● Periodic security audits are necessary to make sure your organization is up to speed with any new requirements.
Security Audit Architecture

• Event discriminator: logic embedded into the system software that monitors system activity and detects the security-related events it has been configured to detect.
• Audit recorder: the event discriminator sends event messages to the audit recorder.
• Alarm processor: some events are alarm events, which are sent to an alarm processor.
• Security audit trail: a list of formatted event records.
• Audit analyzer: based on a pattern of activity, may define a new auditable event that is sent to the audit recorder, and may generate an alarm.
• Audit archiver: extracts records from the audit trail to create a permanent archive.
• Archives: a permanent store of security-related events on this system.
• Audit provider: an application and/or user interface to the audit trail.
• Audit trail examiner: an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, or for other analysis.
• Security reports: the audit trail examiner prepares human-readable security reports.
Security Auditing Functions

Data generation: identifies the level of auditing and enumerates the types of auditable events.
Event selection: inclusion or exclusion of events from the auditable set.
Event storage: creation and maintenance of the secure audit trail.
Automatic response: reactions taken if a possible security violation event is detected.
Audit analysis: automated mechanisms to analyze audit data in search of security violations.
Audit review: capabilities available to authorized users to assist in audit data review.
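The architecture and functions above, as an added Python example that is not from the slides: an event discriminator with configured rules feeds an audit recorder, the recorder appends formatted records to the security audit trail and hands alarm events to the alarm processor, and an audit analyzer turns a pattern of activity (repeated failed logins) into a new auditable event. The restricted-file rule implements the step 3 check that only employees with the proper permissions access restricted data; the users, files, permission table and event stream are constructed for illustration.

```python
# Added example (not from the slides): a miniature audit pipeline built from the
# components the slides name.  Users, files, permissions and events are constructed.
from collections import defaultdict, deque, namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional


@dataclass
class Event:
    time: datetime
    kind: str          # e.g. "login_failed", "file_read"
    subject: str       # user or process that caused the event
    target: str = ""   # resource acted on, if any


AuditRecord = namedtuple("AuditRecord", "time kind subject target severity alarm")  # trail entry


class AuditRecorder:
    """Formats events into trail records; alarm events are also handed to the
    alarm processor (modelled here as the list it would consume)."""
    def __init__(self):
        self.trail: List[AuditRecord] = []
        self.alarms: List[AuditRecord] = []

    def record(self, ev: Event, severity: str, alarm: bool = False) -> AuditRecord:
        rec = AuditRecord(ev.time.isoformat(), ev.kind, ev.subject, ev.target, severity, alarm)
        self.trail.append(rec)
        if alarm:
            self.alarms.append(rec)
        return rec


class BruteForceAnalyzer:
    """Audit analyzer: N failed logins by one subject inside a window define a
    new auditable event that is sent to the recorder and raises an alarm."""
    def __init__(self, recorder: AuditRecorder, threshold: int = 3,
                 window: timedelta = timedelta(minutes=5)):
        self.recorder, self.threshold, self.window = recorder, threshold, window
        self.history: Dict[str, deque] = defaultdict(deque)

    def analyze(self, ev: Event) -> Optional[AuditRecord]:
        if ev.kind != "login_failed":
            return None
        q = self.history[ev.subject]
        q.append(ev.time)
        while ev.time - q[0] > self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        q.clear()                              # fresh window after alarming
        derived = Event(ev.time, "brute_force_suspected", ev.subject, ev.target)
        return self.recorder.record(derived, "high", alarm=True)


class EventDiscriminator:
    """Only events it is configured to detect reach the recorder: a rule maps an
    event to a severity, or to None to ignore it; "high" events are alarm events."""
    def __init__(self, recorder: AuditRecorder,
                 rules: Dict[str, Callable[[Event], Optional[str]]]):
        self.recorder, self.rules = recorder, rules
        self.analyzers: List[BruteForceAnalyzer] = []

    def observe(self, ev: Event) -> Optional[AuditRecord]:
        rule = self.rules.get(ev.kind)
        severity = rule(ev) if rule else None
        if severity is None:
            return None
        rec = self.recorder.record(ev, severity, alarm=(severity == "high"))
        for analyzer in self.analyzers:        # analyzers see every recorded event
            analyzer.analyze(ev)
        return rec


# Constructed permission table for the step 3 check: who may read restricted data.
RESTRICTED: Dict[str, set] = {"/hr/payroll.csv": {"alice"}}


def file_read_rule(ev: Event) -> Optional[str]:
    allowed = RESTRICTED.get(ev.target)
    if allowed is None:
        return None                            # not restricted: not auditable here
    return "info" if ev.subject in allowed else "high"


def run_demo():
    """Feed a constructed event stream through the pipeline; return (trail, alarms)."""
    recorder = AuditRecorder()
    disc = EventDiscriminator(recorder, {"login_failed": lambda ev: "low",
                                         "login_ok": lambda ev: "info",
                                         "file_read": file_read_rule})
    disc.analyzers.append(BruteForceAnalyzer(recorder))
    t0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    at = lambda secs: t0 + timedelta(seconds=secs)
    for ev in [Event(at(0), "login_failed", "bob", "web01"),
               Event(at(30), "login_failed", "bob", "web01"),
               Event(at(60), "login_failed", "bob", "web01"),   # third: analyzer fires
               Event(at(90), "login_ok", "bob", "web01"),
               Event(at(120), "file_read", "bob", "/hr/payroll.csv"),    # unauthorized
               Event(at(150), "file_read", "alice", "/hr/payroll.csv"),  # permitted
               Event(at(180), "file_read", "alice", "/public/readme.txt"),
               Event(at(200), "process_start", "bob", "notepad")]:      # no rule
        disc.observe(ev)
    return recorder.trail, recorder.alarms
```

The trail ends up with seven records (the third failed login is followed by the analyzer's derived event) and the alarm processor receives two: the suspected brute force and the unauthorized payroll read.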
Logging

Logging provides a record of events related to IT systems and processes. Each recorded event is a log entry, denoting information such as what occurred, when it occurred, and who or what caused it.

A log might be as simple as a text list of application log-ons for a service host or as complex as a description of transactions across an ERP system.

Benefits of Logging

Successful logging offers value beyond compliance, including support of overall IT functions such as performance management, change management, security management, and project planning.
What is Monitoring?

Security logs provide little to no value if they are not monitored. In fact, attackers bet that their target does not monitor its logs.

Log monitoring is essentially reviewing the recorded log entries for anomalous, abnormal, or suspicious events. While log monitoring can be performed manually, manual review is not efficient and should be reserved for more detailed analysis supported by automation.
Why Is Monitoring Important?

The importance of monitoring security events via logs cannot be overstated. Without active log monitoring, the likelihood that an attacker maintains an undetected persistent presence increases significantly.

While the prevention of breaches is highly preferred, detection of a breach is a must, and the primary detection mechanism for breaches is the identification of anomalous activity in security logs.
Automation in Monitoring

Systems today generate incredible volumes of logs, so automation is essentially required in order to perform any reliable level of log monitoring and analysis. The primary tool used today for security log monitoring is a security information and event management (SIEM) platform.

There are numerous SIEMs on the market today which provide a host of different capabilities, but the primary premise of a SIEM is to collect or ingest logs from multiple sources, perform or enable efficient analysis, and perform a designated action such as alerting on events of interest.
What Are the Challenges to Logging and Monitoring?

The primary challenges regarding security logging and monitoring are the sheer volume of logs that are generated by information systems and applications and the lack of trained security staff to identify abnormal events using a SIEM or other automated techniques.

Additional challenges include differing log formats based on the OS or application generating the log, differing log content which makes it difficult to follow a thread across multiple platforms, and non-standardized time stamps. Fortunately, today’s SIEM platforms are able to normalize log entries into a common, parsable format while also retaining the original log entry if required to support more in-depth analysis.
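The normalization the slides credit to a SIEM, as an added Python example that is not from the slides: three differently formatted entries (a syslog line without year or timezone, a JSON application log carrying its own UTC offset, and a CSV export of a Windows logon failure) are parsed into one common record layout with UTC timestamps, the original line is retained on every record, and one user's thread can then be followed across platforms in true time order. The sample lines, the syslog year and the per-host timezone offsets are constructed assumptions, as is the CSV column order.

```python
# Added example (not from the slides): normalizing differently formatted log lines
# into one common record layout with UTC timestamps while retaining the original.
import json
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample input: a syslog line (no year, no zone), a JSON application
# log carrying its own UTC offset, a CSV export of a Windows logon failure
# (time,host,event_id,user,source_ip), and one line no parser understands.
SAMPLE_LINES = [
    "May  1 09:00:05 web01 sshd[1234]: Failed password for bob from 10.0.0.5 port 51122 ssh2",
    '{"ts": "2024-05-01T04:00:03-05:00", "user": "bob", "msg": "login failed", "src": "10.0.0.5"}',
    "2024-05-01 04:00:09,DC01,4625,bob,10.0.0.5",
    "this line is in no known format",
]

# Per-source assumptions a SIEM would take from its source configuration: the
# year for year-less syslog stamps and the local zone of hosts that log local time.
SYSLOG_YEAR = 2024
SOURCE_TZ = {"syslog": timezone.utc,                       # web01 logs in UTC
             "win_csv": timezone(timedelta(hours=-5))}     # DC01 logs local UTC-5 time

SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
FAILED_PW_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def to_utc(dt: datetime, tz: timezone) -> str:
    """Attach the source's zone to a naive time and express it in UTC."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=tz)
    return dt.astimezone(timezone.utc).isoformat()


def parse_syslog(line: str) -> Optional[Dict]:
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, prog, msg = m.groups()
    local = datetime.strptime(f"{SYSLOG_YEAR} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    pw = FAILED_PW_RE.search(msg)
    return {"source": "syslog", "host": host, "ts_utc": to_utc(local, SOURCE_TZ["syslog"]),
            "user": pw.group(1) if pw else None, "src_ip": pw.group(2) if pw else None,
            "action": "login_failed" if pw else prog}


def parse_app_json(line: str) -> Optional[Dict]:
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    if not isinstance(obj, dict) or "ts" not in obj:
        return None
    ts = datetime.fromisoformat(obj["ts"])       # offset-aware ISO 8601 stamp
    return {"source": "app_json", "host": obj.get("host"), "ts_utc": to_utc(ts, timezone.utc),
            "user": obj.get("user"), "src_ip": obj.get("src"),
            "action": "login_failed" if obj.get("msg") == "login failed" else obj.get("msg")}


def parse_win_csv(line: str) -> Optional[Dict]:
    parts = line.split(",")
    if len(parts) != 5 or not parts[2].isdigit():
        return None
    stamp, host, event_id, user, src = parts
    try:
        local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    # 4625 is the Windows Security log event for a failed logon.
    action = "login_failed" if event_id == "4625" else f"win_event_{event_id}"
    return {"source": "win_csv", "host": host, "ts_utc": to_utc(local, SOURCE_TZ["win_csv"]),
            "user": user, "src_ip": src, "action": action}


PARSERS = (parse_syslog, parse_app_json, parse_win_csv)


def normalize(line: str) -> Dict:
    """Try each parser in turn; the raw entry is kept on every record."""
    for parser in PARSERS:
        rec = parser(line)
        if rec is not None:
            rec["raw"] = line
            return rec
    return {"source": "unknown", "host": None, "ts_utc": None, "user": None,
            "src_ip": None, "action": "unparsed", "raw": line}


def normalize_all(lines: List[str]) -> List[Dict]:
    return [normalize(line) for line in lines]


def thread_for_user(records: List[Dict], user: str) -> List[Dict]:
    """Follow one user's activity across platforms in true (UTC) time order."""
    hits = [r for r in records if r["user"] == user and r["ts_utc"]]
    return sorted(hits, key=lambda r: r["ts_utc"])
```

Once the three stamps are expressed in UTC, the application's 04:00:03-05:00 entry sorts before the syslog 09:00:05 entry even though it arrived second, which is exactly the cross-platform thread the slides say differing formats make hard to follow.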
Reporting

Reporting refers to the generation (automatic or manual) of reports that indicate the status of IT controls designed to meet compliance goals. Reporting is intermeshed with both monitoring and logging, since reports can be based on the output of both monitoring and logging activities. To complicate the mix, some authorities, such as ISO 27002, require management to report on the effectiveness of reporting and monitoring controls.

Benefits of Reporting

Reports are the currency of compliance for auditors. Without reliable, accurate, consistent, and verifiable reporting, there can be no compliance assurance. Good reporting also helps IT managers to evaluate system and employee performance over time and provides input for balanced scorecards and other managerial mechanisms.
Benefits of logging, monitoring, and reporting

Stronger IT governance: Logging, monitoring, and reporting are the information lifeblood of compliance, risk management, and governance. They reveal problems, put performance indicators behind managerial decisions, and supply evidence for control assurance and for risk analyses.

Better managerial oversight: By providing a record of real-world events, logs provide invaluable information that can validate or dispel managerial assumptions, reveal unrecognized performance issues, point to problem-specific solutions, and provide case studies for staff training.

Support of corporate information security: Logs can provide a record of access and authentication events, note configuration or application changes that could compromise system integrity, record details of inbound and outbound information traffic, and provide a corpus of evidence for forensic investigation of security breaches.

Stronger service-level agreements (SLAs): Log monitoring is a critical component of SLA assurance, revealing service interruptions, threats to network stability, and other critical evidence that supports troubleshooting efforts.

Performance validation: Logs and monitoring provide the basis for performance measurement, while reporting requirements ensure that managers have the information they need to make intelligent decisions about process changes that impact performance outcomes.

More effective change control: Logs provide a record of configuration, application, network, and other types of changes that might otherwise go unnoticed by management.

Regulatory compliance: Logging, monitoring, and reporting provide both the means and the data for auditing, intrusion monitoring, compliance monitoring, and ensuring adherence to segregation of duties.
Management Control Reviews

Management review controls are any key reviews performed by a company’s management over security information (such as estimates) for reasonableness and accuracy.

In most cases, a manager will review the specific security document (e.g., log reports) prepared by a security analyst, review the document in detail, work with the analyst to reconcile any discrepancies, and sign off on the document.
Steps that may be applied to an MRC

Define the Matter: Define the matter with specific risks, focusing on the nature of potential errors and how they occur.
Specify Objectives: Specify objectives by identifying the points within the process that could give rise to the specific risk(s), and evaluate whether the control attributes of the MRC sufficiently address each of those points.
Identify Possibilities: Identify possibilities by challenging assumptions and ensuring clearly defined actions, including triggers for investigation and prescribed plans for resolution.
Gather and Analyze Information: Gather and analyze information that depicts the performance of each control attribute. Examine physical evidence of procedures performed, observe actions that occur, and evaluate their sufficiency to meet objectives.
Reach a Conclusion: Reach a conclusion as to the sufficiency of the control’s ability to prevent or detect the specified risks. Has each objective been met appropriately?
Reflect: Reflect on the conclusions reached. Is each identified risk sufficiently addressed through the controls, after consideration of their design and implementation?
Why are Management Review Controls So Important?

Management review controls are important because they are critical to an effective control environment. The documents reviewed as part of MRCs cover a wide spectrum; some examples include:
● Review of a reconciliation
● Review of journal entries
● Review for triggering events
● Review of the work supporting an estimate
Thank You

"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 

Logging, monitoring and auditing

What is Security Auditing in Cybersecurity?
A security audit in cybersecurity helps ensure that there is adequate protection for your organization's networks, devices, and data against leaks, data breaches, and criminal interference. Security audits are one of three primary types of cybersecurity assessment; the other two are penetration testing and vulnerability assessment, both of which involve actively testing the strength of firewalls, malware defenses, passwords, and data protection measures.
What Does a Security Audit Consist of?
A security audit consists of a complete assessment of all components of your IT infrastructure: operating systems, servers, digital communication and sharing tools, applications, data storage and collection processes, and more. There are a few common components/steps:
1. Select Security Audit Criteria
2. Assess Staff Training
3. Monitor Network Logs
4. Identify Vulnerabilities
5. Implement Protections
Steps of Security Audit
1. Select Security Audit Criteria
Determine which external criteria you want or need to meet, and use these to develop your list of security features to analyze and test. Also keep a record of your organization's internal policies, since your IT team may anticipate cybersecurity concerns that external criteria do not cover.
2. Assess Staff Training
The more people who have access to highly sensitive data, the greater the chance of human error. Keep a record of which staff members have access to sensitive information and which employees have been trained in cybersecurity risk management or compliance practices, and plan to train those who still require it.
3. Monitor Network Logs
Monitor network activity and event logs. Keeping close track of logs helps ensure that only employees with the proper permissions are accessing restricted data, and that those employees are following the required security measures.
4. Identify Vulnerabilities
Before conducting a penetration test or vulnerability assessment, the security audit should uncover the most glaring weaknesses, such as a security patch that is overdue or employee passwords that have not been changed in over a year. Regular security audits make penetration tests and vulnerability assessments more efficient and effective.
5. Implement Protections
Once you have reviewed the organization's vulnerabilities and ensured that staff are trained and following the proper protocol, make sure the organization employs internal controls to prevent fraud, such as limiting users' access to sensitive data. Check that wireless networks are secured, encryption tools are up to date, and that the proper anti-virus software has been installed and updated across the entire network.
Why Do Companies Need Security Audits?
Companies need regular security audits:
● To make sure they are properly protecting their clients' private information, complying with applicable regulations, and avoiding liability and costly fines.
● To avoid penalties, companies need to keep up with ever-changing regulations such as HIPAA and Cyber Audit India (CAI).
● Periodic security audits are necessary to make sure the organization is up to speed with any new requirements.
Security Audit Architecture
• Event discriminator: logic embedded in the system software that monitors system activity and detects the security-related events it has been configured to detect.
• Audit recorder: receives event messages from the event discriminator and writes them to the audit trail.
• Alarm processor: some events are designated alarm events and are also sent to an alarm processor.
• Security audit trail: the list of formatted event records.
• Audit analyzer: based on a pattern of activity, may define a new auditable event that is sent to the audit recorder, and may generate an alarm.
• Audit archiver: extracts records from the audit trail to create a permanent archive.
• Archives: a permanent store of security-related events on this system.
• Audit provider: an application and/or user interface to the audit trail.
• Audit trail examiner: an application or user who examines the audit trail and the archives for historical trends, computer forensic purposes, or other analysis.
• Security reports: the audit trail examiner prepares human-readable security reports.
Security Auditing Functions
Data generation: identifies the level of auditing and enumerates the types of auditable events.
Event selection: inclusion or exclusion of events from the auditable set.
Event storage: creation and maintenance of the secure audit trail.
Automatic response: reactions taken if a possible security violation event is detected.
Audit analysis: automated mechanisms that analyze audit data in search of security violations.
Audit review: tools available to authorized users to assist in reviewing audit data.
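The following is an added example and not part of the original slides: a runnable Python model of the audit architecture and functions described above, so the components can be seen interacting on a small event stream. The event kind names, the detection rule (three authentication failures by one subject within 60 seconds), and the sample events are constructed for illustration. The hash-chained trail is one way to implement the "secure audit trail" storage function, not the only one.

```python
from __future__ import annotations

import hashlib
import json
from collections import defaultdict, deque
from dataclasses import asdict, dataclass

@dataclass(frozen=True)
class Event:
    ts: int           # seconds since epoch; the constructed sample uses small integers
    kind: str         # event type, e.g. "auth_failure" (names are assumed for this example)
    subject: str      # user or process that caused the event
    detail: str = ""

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditRecorder:
    """Audit trail kept as a hash chain: each record stores the SHA-256 of its predecessor,
    so editing, deleting or reordering a record after the fact makes verify() fail."""
    def __init__(self) -> None:
        self.trail: list[dict] = []
        self._prev = "0" * 64

    def record(self, event: Event) -> None:
        body = {**asdict(event), "prev": self._prev}
        self._prev = _digest(body)
        self.trail.append({**body, "hash": self._prev})

    def verify(self) -> bool:
        prev = "0" * 64
        for rec in self.trail:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

class AlarmProcessor:
    def __init__(self) -> None:
        self.alarms: list[str] = []
    def raise_alarm(self, event: Event) -> None:
        self.alarms.append(f"t={event.ts} {event.kind} subject={event.subject}: {event.detail}")

class AuditAnalyzer:
    """Audit analysis: `threshold` auth failures by one subject within `window` seconds
    defines a new auditable event, which is itself recorded and raises an alarm."""
    def __init__(self, recorder, alarms, threshold=3, window=60) -> None:
        self.recorder, self.alarms, self.threshold, self.window = recorder, alarms, threshold, window
        self._failures: dict[str, deque[int]] = defaultdict(deque)

    def observe(self, event: Event) -> Event | None:
        if event.kind != "auth_failure":
            return None
        q = self._failures[event.subject]
        q.append(event.ts)
        while q and event.ts - q[0] > self.window:  # forget failures outside the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        derived = Event(event.ts, "brute_force_suspected", event.subject,
                        f"{len(q)} auth failures within {self.window}s")
        self.recorder.record(derived)
        self.alarms.raise_alarm(derived)
        q.clear()
        return derived

class EventDiscriminator:
    """Event selection: only configured kinds are auditable; a subset of those are alarm events."""
    def __init__(self, auditable, alarm_kinds, recorder, alarms, analyzer) -> None:
        self.auditable, self.alarm_kinds = set(auditable), set(alarm_kinds)
        self.recorder, self.alarms, self.analyzer = recorder, alarms, analyzer

    def handle(self, event: Event) -> bool:
        if event.kind not in self.auditable:
            return False  # not an auditable event: discarded, never reaches the trail
        self.recorder.record(event)
        if event.kind in self.alarm_kinds:
            self.alarms.raise_alarm(event)
        self.analyzer.observe(event)
        return True

def run_sample() -> tuple[AuditRecorder, AlarmProcessor]:
    recorder, alarms = AuditRecorder(), AlarmProcessor()
    analyzer = AuditAnalyzer(recorder, alarms, threshold=3, window=60)
    disc = EventDiscriminator({"auth_failure", "privilege_change"}, {"privilege_change"},
                              recorder, alarms, analyzer)
    stream = [  # constructed sample events, not captured from a real system
        Event(100, "auth_failure", "alice", "ssh from 10.0.0.7"),
        Event(105, "heartbeat", "monitor"),                           # not auditable
        Event(110, "auth_failure", "alice", "ssh from 10.0.0.7"),
        Event(120, "auth_failure", "alice", "ssh from 10.0.0.7"),     # 3rd failure in 60 s
        Event(140, "privilege_change", "alice", "added to sudoers"),  # configured alarm event
        Event(500, "auth_failure", "bob", "ssh from 10.0.0.9"),       # other subject, no alarm
    ]
    for ev in stream:
        disc.handle(ev)
    return recorder, alarms
```

Running `run_sample()` leaves six records in the trail (the heartbeat never enters it), two alarms (the derived brute-force event and the configured privilege change), and a chain that `verify()` accepts until any record is altered.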
Logging
Logging provides a record of events related to IT systems and processes. Each recorded event is a log entry denoting information such as what occurred, when it occurred, and who or what caused it. A log might be as simple as a text list of application log-ons for a service host or as complex as a description of transactions across an ERP system.
Benefits of Logging
Successful logging offers value beyond compliance, including support of overall IT functions such as performance management, change management, security management, and project planning.
What is Monitoring?
Security logs provide little to no value if they are not monitored; attackers count on their targets not reviewing their logs. Log monitoring is essentially reviewing the recorded log entries for anomalous, abnormal, or suspicious events. While log monitoring can be performed manually, manual review is not efficient at scale and should be reserved for the detailed analysis that follows automated triage.
Why Is Monitoring Important?
The importance of monitoring security events via logs cannot be overstated. Without active log monitoring, the likelihood that an attacker maintains an undetected persistent presence increases significantly. Preventing breaches is preferable, but detecting them is a must, and the primary detection mechanism for breaches is the identification of anomalous activity in security logs.
Automation in Monitoring
Systems today generate enormous volumes of logs, so automation is effectively required to perform any reliable level of log monitoring and analysis. The primary tool used today for security log monitoring is a security information and event management (SIEM) platform. There are numerous SIEMs on the market with a host of different capabilities, but the basic premise of a SIEM is to collect or ingest logs from multiple sources, perform or enable efficient analysis, and take a designated action, such as alerting, on events of interest.
What Are the Challenges to Logging and Monitoring?
The primary challenges in security logging and monitoring are the sheer volume of logs generated by information systems and applications, and the shortage of trained security staff to identify abnormal events using a SIEM or other automated techniques. Additional challenges include differing log formats depending on the OS or application that generates the log, differing log content that makes it difficult to follow a single thread of activity across multiple platforms, and non-standardized timestamps. Today's SIEM platforms are able to normalize log entries into a common, parsable format while retaining the original log entry where it is needed for more in-depth analysis.
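As an added example (not from the slides), the normalization step described above in working Python: two constructed log formats, a syslog-style sshd line carrying a local UTC offset and a JSON application event carrying epoch milliseconds, are mapped onto one schema with UTC timestamps while the original entry is retained, after which one user's activity can be followed across both sources. The schema field names, the regular expressions, and the sample lines are assumptions of this example, not an established standard.

```python
from __future__ import annotations

import json
import re
from datetime import datetime, timezone

# Constructed sample lines (not captured from a real system): two syslog-style sshd
# entries with a -04:00 local offset, one JSON application event with epoch milliseconds
# in UTC, and one line that matches no parser.
RAW_LINES = [
    "2024-05-20T09:15:02-04:00 host1 sshd[2211]: Failed password for alice from 10.0.0.7 port 52211 ssh2",
    "2024-05-20T09:15:20-04:00 host1 sshd[2211]: Accepted password for alice from 10.0.0.7 port 52211 ssh2",
    '{"time_ms": 1716210950000, "app": "payroll", "user": "alice", "action": "export", '
    '"object": "salaries.csv", "status": "ok"}',
    "this line matches no known format and must be kept, not dropped",
]

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSHD_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")


def normalize(line: str) -> dict:
    """Map one raw line onto a common schema; the raw entry is always retained."""
    rec = {"ts_utc": None, "source": "unknown", "user": None, "action": None,
           "outcome": None, "raw": line}
    m = SYSLOG_RE.match(line)
    if m:
        # Local offsets differ per host; convert everything to UTC once, at ingest.
        rec["ts_utc"] = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc).isoformat()
        rec["source"] = f"{m['host']}/{m['proc']}"
        s = SSHD_RE.match(m["msg"])
        if s:
            rec.update(user=s["user"], action="login", src_ip=s["ip"],
                       outcome="failure" if s["outcome"] == "Failed" else "success")
        return rec
    if line.startswith("{"):
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            return rec
        rec["ts_utc"] = datetime.fromtimestamp(obj["time_ms"] / 1000, tz=timezone.utc).isoformat()
        rec.update(source=obj.get("app", "unknown"), user=obj.get("user"), action=obj.get("action"),
                   outcome="success" if obj.get("status") == "ok" else "failure")
        return rec
    return rec  # unparsed: still stored, recognizable by source == "unknown"


def thread_for_user(records: list[dict], user: str) -> list[dict]:
    """Follow one user across sources in time order, which the shared schema makes possible."""
    return sorted((r for r in records if r["user"] == user), key=lambda r: r["ts_utc"])


if __name__ == "__main__":
    records = [normalize(line) for line in RAW_LINES]
    for r in thread_for_user(records, "alice"):
        print(r["ts_utc"], r["source"], r["action"], r["outcome"])
```

With the sample lines, the thread for alice reads: a failed login, a successful login, then a payroll export, all on one UTC clock. The unparsed fourth line is kept with its raw text rather than silently dropped, which is the behaviour to check for in any collector: a line a parser cannot handle is still evidence.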
Reporting
Reporting refers to the generation (automatic or manual) of reports that indicate the status of IT controls designed to meet compliance goals. Reporting is intermeshed with both monitoring and logging, since reports can be based on the output of both activities. To complicate the mix, some authorities, such as ISO 27002, require management to report on the effectiveness of reporting and monitoring controls.
Benefits of Reporting
Reports are the currency of compliance for auditors. Without reliable, accurate, consistent, and verifiable reporting, there can be no compliance assurance. Good reporting also helps IT managers evaluate system and employee performance over time and provides input for balanced scorecards and other managerial mechanisms.
Benefits of logging, monitoring, and reporting
● Stronger IT governance: logging, monitoring, and reporting are the information lifeblood of compliance, risk management, and governance. They reveal problems, put performance indicators behind managerial decisions, and supply evidence for control assurance and for risk analyses.
● Better managerial oversight: by providing a record of real-world events, logs provide invaluable information that can validate or dispel managerial assumptions, reveal unrecognized performance issues, point to problem-specific solutions, and provide case studies for staff training.
● Support of corporate information security: logs can provide a record of access and authentication events, note configuration or application changes that could compromise system integrity, record details of inbound and outbound information traffic, and provide a corpus of evidence for forensic investigation of security breaches.
● Stronger service-level agreements (SLAs): log monitoring is a critical component of SLA assurance, revealing service interruptions, threats to network stability, and other critical evidence that supports troubleshooting efforts.
● Performance validation: logs and monitoring provide the basis for performance measurement, while reporting requirements ensure that managers have the information they need to make informed decisions about process changes that affect performance outcomes.
● More effective change control: logs provide a record of configuration, application, network, and other types of changes that might otherwise go unnoticed by management.
● Regulatory compliance: logging, monitoring, and reporting provide both the means and the data for auditing, intrusion monitoring, compliance monitoring, and ensuring adherence to segregation of duties.
Management Review Controls
Management review controls (MRCs) are key reviews performed by a company's management over security information, such as checking estimates for reasonableness and accuracy. In most cases, a manager reviews a specific security document (for example, a log report) prepared by a security analyst, examines it in detail, works with the analyst to reconcile any discrepancies, and signs off on the document.
Steps that may be applied to an MRC
1. Define the matter: define the matter in terms of specific risks, focusing on the nature of potential errors and how they occur.
2. Specify objectives: identify the points within the process that could give rise to the specific risk(s) and evaluate whether the control attributes of the MRC sufficiently address each of those points.
3. Identify possibilities: challenge assumptions and ensure clearly defined actions, including triggers for investigation and prescribed plans for resolution.
4. Gather and analyze information: gather and analyze information that depicts the performance of each control attribute. Examine physical evidence of procedures performed, observe the actions that occur, and evaluate their sufficiency to meet the objectives.
5. Reach a conclusion: conclude on the sufficiency of the control's ability to prevent or detect the specified risks. Has each objective been met appropriately?
6. Reflect: reflect on the conclusions reached. Is each identified risk sufficiently addressed by the controls, considering both their design and their implementation?
Why Are Management Review Controls So Important?
Management review controls are critical to an effective control environment. The documents reviewed as part of MRCs cover a wide spectrum; some examples include:
● Review of a reconciliation
● Review of journal entries
● Review for triggering events
● Review of the work supporting an estimate