Data security auditing and accountability
Transcript of Data security auditing and accountability
AUDITING AND ACCOUNTABILITY
THE NEED FOR ACCOUNTABILITY
Even though we have allowed a party to access a resource, we still need to ensure that they behave in accordance with the rules that have been set.
DATA SECURITY
• Identification
• Authentication
• Authorization
• Control
• Accountability
ACCOUNTABILITY
• Provides the means to trace activities in our environment back to their source.
• Depends on identification, authentication, and access control being present, so that we can know who a given transaction is associated with and what permissions were used to allow them to carry it out.
• Provides sufficient controls to deter or prevent those who would break the rules and abuse the resources they have access to.
SECURITY BENEFITS OF ACCOUNTABILITY
• NONREPUDIATION
• Refers to a situation in which sufficient evidence exists to prevent an individual from successfully denying that he or she has made a statement or taken an action.
• Example: system or network logs
SECURITY BENEFITS OF ACCOUNTABILITY
• DETERRENCE
• If those being monitored are aware that they are monitored, and it has been communicated to them that there will be penalties for acting against the rules, these individuals may think twice before straying outside the lines.
SECURITY BENEFITS OF ACCOUNTABILITY
• INTRUSION DETECTION AND PREVENTION
• Example: implementing alerts based on unusual activities in our environment and checking the information we have logged on a regular basis.
SECURITY BENEFITS OF ACCOUNTABILITY
• ADMISSIBILITY OF RECORDS
• It is often much easier to prove admissibility when records are produced from a regulated and consistent tracking system. This means the organization can provide a solid and documented chain of custody for said evidence, such as showing where the evidence was at all times, how exactly it passed from one person to another, how it was protected while it was stored, and so on.
AUDITING
• A methodical examination and review of resources.
• Provides the data on which accountability can be built.
WHAT DO WE AUDIT
• Passwords
• Policies must be implemented to dictate how passwords are constructed and used.
• Software licensing
• Ensuring that all software used on systems owned by the organization is appropriately licensed.
• Internet usage
• Use of instant messaging, e-mail, file transfers, or other transactions.
LOGGING
• Gives a history of the activities that have taken place in the environment being logged.
• Logging mechanisms can be set up to log anything from solely critical events to every action carried out by the system or software, such as:
• Software error logs
• Hardware failures
• Users logging in and out
• Resource access
• Tasks requiring increased privileges (in most logs)
LOGGING
• Logs are available to administrators for review and are usually not modifiable by the users of the system.
• Logs must be regularly reviewed in order to catch anything unusual in their contents.
• Logs may need to be analyzed in relation to a particular incident or situation.
MONITORING
• A subset of auditing that focuses on observing the environment being monitored in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends that might signal the arrival of such conditions.
MONITORING
• Typically involves watching specific items of collected data, such as:
• Resource usage on computers
• Network latency
• Attacks occurring repeatedly against servers with network interfaces exposed to the Internet
• Traffic passing through physical access controls at unusual times of day
• CLIPPING LEVEL – activities are occurring at levels above what is normally expected
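As an added example that is not part of the original slides, the following Python ties together the logging, intrusion-detection alerting and clipping-level slides: it counts failed logins per user over constructed log lines and alerts only once the count within a time window reaches a clipping level, so ordinary typo-level noise produces no alert. The log layout, the user names, and the threshold of five failures within ten minutes are assumptions.

```python
# Added example (not from the slides): a clipping-level alert over
# constructed authentication log lines. Activity below the level is
# treated as normal noise; only counts at or above it raise an alert.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like layout (not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth FAILED user=alice src=10.0.0.5
2024-03-01T09:00:03 auth FAILED user=alice src=10.0.0.5
2024-03-01T09:00:04 auth OK user=alice src=10.0.0.5
2024-03-01T09:05:00 auth FAILED user=bob src=10.0.0.9
2024-03-01T09:05:01 auth FAILED user=bob src=10.0.0.9
2024-03-01T09:05:02 auth FAILED user=bob src=10.0.0.9
2024-03-01T09:05:03 auth FAILED user=bob src=10.0.0.9
2024-03-01T09:05:04 auth FAILED user=bob src=10.0.0.9
2024-03-01T09:05:05 auth FAILED user=bob src=10.0.0.9
2024-03-01T10:30:00 auth FAILED user=carol src=10.0.0.7
"""

def parse_line(line):
    """Return (timestamp, outcome, user) for one log line."""
    ts, _facility, outcome, user_field, _src = line.split()
    return datetime.fromisoformat(ts), outcome, user_field.split("=", 1)[1]

def clipping_level_alerts(log_text, clipping_level=5, window=timedelta(minutes=10)):
    """Map user -> highest FAILED count seen in any sliding window that
    reached the clipping level; users who stayed below it are omitted."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ts, outcome, user = parse_line(line)
        if outcome == "FAILED":
            failures[user].append(ts)
    alerts = {}
    for user, times in failures.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            in_window = end - start + 1
            if in_window >= clipping_level:
                alerts[user] = max(alerts.get(user, 0), in_window)
    return alerts

if __name__ == "__main__":
    for user, n in clipping_level_alerts(SAMPLE_LOG).items():
        print(f"ALERT: {user} exceeded the clipping level ({n} failed logins)")
```

Lowering the clipping level or shrinking the window shows the trade-off the slides describe: more alerts, including on activity that is probably normal.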
ASSESSMENTS
• A more active route to determining whether everything is as it should be and compliant with relevant laws, regulations, and policies, by examining the environment for vulnerabilities.
• APPROACHES
• Vulnerability Assessment
• Penetration Testing
VULNERABILITY ASSESSMENT
• Involves the use of vulnerability scanning tools in order to locate vulnerabilities.
• NESSUS
• A vulnerability scanning tool that checks target systems to discover which ports are open and then interrogates each open port to find out exactly which service is listening on the port in question.
• With the information collected, it checks its database of vulnerability information to determine whether any vulnerability may be present.
PENETRATION TESTING
• Mimicking the techniques an actual attacker may use to penetrate a system.