Definition of Auditing
What is auditing?
A computer security audit is a process that can verify that certain standards have been met, and identify areas in need of remediation or improvement. Decades ago, identifying the problem areas had to be done by a team of human auditors, but now software can analyze what's on a computer, and present information.
Auditing
Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network
Policies are only as good as the procedures used to implement them. When the procedures are too cumbersome or time-consuming, it is likely that policy compliance will suffer. Unrealistic procedures can lead to "implemented policies" that are weaker than the stated policies. Conversely, ensuring that procedures are easy to implement has the effect of making full policy compliance more likely. In this case study, we will examine how automating information security audit procedures at a university had the effect of increasing security through increased policy compliance. We will discuss three stated policies, their associated procedures, and how poorly designed procedures led to weak "implemented policies." We will then discuss how the procedures were automated, and, finally, discuss the effects of the automation on the university's overall security stance.
Security Auditing In Microsoft SQL Server
How do we properly audit activity in a database? Native auditing fails here because it is fully under the control of the DBA. He or she can easily turn off auditing, clear the audit logs, manipulate an audit record, or even reconfigure auditing to filter out their own malicious activity. Auditing should ultimately provide a separation of duties. An ideal audit system would be intelligent enough to distinguish database administrative accounts, filter out noise and irrelevant events, and succinctly illustrate their activities. Auditing data should be written to a secure location, where even an administrator of the database would not have direct control over the recorded activity.
Will Your Network Pass a Security Audit?
It is a well-known fact that in the Internet-connected world, network perimeter vulnerabilities do exist that allow unauthorized individuals access to networks and provide the ability to disrupt business continuance. Well-prepared companies do know about many of these vulnerabilities and they correct them whenever appropriate. However, there are a large number of new, as well as older, vulnerabilities that the average company is just not aware of.
Low-Level Enumeration With TCP/IP
We've all used most of the popular stealth scanning techniques out there right now. Tools such as nmap are excellent for enumerating remote hosts with increasingly complex techniques. The only problem is that most of the nmap users out there do not take the time to find out exactly what is going on behind the scenes to make these scans work. In the following paragraphs I will attempt to explain the theory and concept behind many of today's advanced scanning techniques, and try to show you what is going on behind the scenes with them.
A Practical Guide to Auditing an ASP
Currently there are no "how-tos" or publications on auditing an ASP. Therefore, in this assignment I plan to provide a clear and practical guide on how to audit an ASP. This guide will first define what an ASP is and provide a brief history on the ASP market. Next, the guide will document the actual approach or method of auditing an ASP. This method will contain information on how to research the targeted ASP, determine the audit scope (which due to the environment can be a difficult task), complete the risk assessment, develop controls that encompass the numerous standards, map the controls to regulations, create a checklist, conduct the actual audit, and finally generate a report.
The Application Audit Process - A Guide for Information Security Professionals
This paper is meant to be a guide for IT professionals whose applications are audited, either by an internal or external IS audit. It provides a basic understanding of the IS Audit process.