Unit 7 : Audits

Unit 7 : Audits

Check of accounts
Efficiency Check
Types of Audit
1. Internal Audit
2. External Audit
  1. Independence and Integrity is key
  2. Independence is a regulatory requirement in some cases
3. Security Audit
Role within security framework
1. Physical
  1. Preventative : Locks & Keys, Biometric Sensors, Fire extinguisher, backup power
  2. Detective : Alarms & Sensors, Smoke and fire detect, motion detectors
2. Technical
  1. Preventative : Firewalls, Antiviruses, Encryption, Access Control
  2. Detective : Pen Testing, Audit trails, Auto configs, Intrusion detect
3. Administrative
  1. Preventative : Training , Process awareness, security awareness, Disaster recovery
  2. Detective : Security audit, Security Review, Incident investigations, performance eval
Security Reviews
1. Business Process Reviews
  Nota:
  - 1: Completeness, accuracy and validity of transactions 2: Restricted access to assets and records
2. IT Process Reviews
  Nota:
  - 1: Change control over existing environments 2: Development / implementation of new systems 3: Security and operations over environment
Penetration Testing
1. Businesses are increasingly dependent on IT
2. Increased system vulnerabiilties
3. Pen testers need to have high integrity, tech skills
4. Maintain confidentiality of reports
Security audit and review
1. Compare against standards, other companies and other divisions
2. Test whether procedures are followed
3. Report findings to the management
4. Benchmarking and baselining
Incident Investigation
1. How to respond?????
  Nota:
  - 1: Put your strategy in place 2: Why are you investigating? 3: Who is investigating? 4: Who needs to know? 5: Whats the end-point
2. Evidence handling
  Nota:
  - 1: Audit trails, system logs, phone records, emails & backups 2: Evidence handling and security procedures are essential 3: usually work off a copy rather than the evidence itself
3. Investigating and analysing

Siguiente

Descripción

Resumen del Recurso

Similar

	Creado por srikumar.cs hace más de 11 años