47132
Description
Mind Map by srikumar.cs, updated more than 1 year ago
|
Created by srikumar.cs
over 11 years ago
|
|
Unit 7 : Audits
- Check of accounts
- Efficiency Check
- Types of Audit
- Internal Audit
- External Audit
- Independence and Integrity is key
- Independence is a regulatory
requirement in some cases
- Independence and Integrity is key
- Security Audit
- Internal Audit
- Role within security framework
- Physical
- Preventative :
Locks & Keys,
Biometric Sensors,
Fire extinguisher,
backup power
- Detective : Alarms &
Sensors, Smoke and fire
detect, motion detectors
- Preventative :
Locks & Keys,
Biometric Sensors,
Fire extinguisher,
backup power
- Technical
- Preventative :
Firewalls,
Antiviruses,
Encryption,
Access Control
- Detective :
Pen Testing,
Audit trails,
Auto configs,
Intrusion detect
- Preventative :
Firewalls,
Antiviruses,
Encryption,
Access Control
- Administrative
- Preventative : Training ,
Process awareness,
security awareness,
Disaster recovery
- Detective :
Security audit,
Security Review,
Incident
investigations,
performance eval
- Preventative : Training ,
Process awareness,
security awareness,
Disaster recovery
- Physical
- Security Reviews
- Business Process Reviews
Annotations:
- 1: Completeness, accuracy and validity of transactions 2: Restricted access to assets and records
- IT Process Reviews
Annotations:
- 1: Change control over existing environments 2: Development / implementation of new systems 3: Security and operations over environment
- Business Process Reviews
- Penetration Testing
- Businesses are increasingly dependent on IT
- Increased system vulnerabiilties
- Pen testers need to have high integrity, tech skills
- Maintain confidentiality of reports
- Businesses are increasingly dependent on IT
- Security audit and review
- Compare against standards, other
companies and other divisions
- Test whether procedures are followed
- Report findings to the management
- Benchmarking and baselining
- Compare against standards, other
companies and other divisions
- Incident Investigation
- How to respond?????
Annotations:
- 1: Put your strategy in place 2: Why are you investigating? 3: Who is investigating? 4: Who needs to know? 5: Whats the end-point
- Evidence handling
Annotations:
- 1: Audit trails, system logs, phone records, emails & backups 2: Evidence handling and security procedures are essential 3: usually work off a copy rather than the evidence itself
- Investigating and analysing
- How to respond?????
Want to create your own Mind Maps for free with GoConqr? Learn more.