AUDIT LOGGING/LOG MANAGEMENT




Kathleen A. Mullin, MBA, CIA, CISA, CISSP, ISA, CISM, CRISC, CGEIT
Director of IT Security/CISO, HealthPlan Services (HPS)
AHIA 31st Annual Conference, August 26-29, 2012, Philadelphia, PA
www.ahia.org

Key Points
- When is log information important and what Audit needs to focus on
- Where to look for additional information to interpret log data
- What actions should be taken by which role within the organization
- What are the appropriate actions based on the log data
- What is appropriate without a logging tool
- What organizations should evaluate when looking for a logging tool

When is log information important?

What to focus on
- Information Overload
- Business Impact Analysis
- Risk
- Requirements: Operational, Business, Regulatory

Appropriate deployments
- Project Approach
- Platform
- Business
- Geographic
- Stability
- Resource

What to Log
- Syslog Events
- Access Logs
- Windows Log Events
- IDS / IPS Logs
- Database Logs
- Firewall Logs
- System Logs
- Network Flows
- Error Logs
- Security Logs
- Application Logs
- Backup Logs
- Patch Logs
- Anti-Malware Logs
- Policy Change Logs
- Integrity Logs
- Change Logs
- Engineering Systems

Log Reporting - What to focus on
SANS Top 5 Log Reports:
- Attempts to Gain Access through Existing Accounts
- Failed File or Resource Access Attempts
- Unauthorized Changes to Users, Groups and Services
- Systems Most Vulnerable to Attack
- Suspicious or Unauthorized Network Traffic Patterns
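As an added example (not part of the presentation), the script below sorts constructed log lines into the five SANS report categories above using an ordered rule table and then pulls the repeated-failed-logon list that feeds the first report. The Windows Security event IDs in the rules are the standard ones; the sshd/smbd/firewall/patch message formats and every host, account and address are assumptions.

```python
import re
from collections import Counter

# The five SANS Top 5 log report categories named on the slide.
EXISTING_ACCOUNTS = "Attempts to Gain Access through Existing Accounts"
FAILED_ACCESS = "Failed File or Resource Access Attempts"
UNAUTH_CHANGES = "Unauthorized Changes to Users, Groups and Services"
VULNERABLE = "Systems Most Vulnerable to Attack"
NET_TRAFFIC = "Suspicious or Unauthorized Network Traffic Patterns"

# Rules checked in order. Windows Security event IDs are the standard ones (4625 failed
# logon, 4720 user created, 4732 group member added, 4697 service installed); the text
# patterns are assumed formats for the constructed sshd/smbd/firewall/patch lines.
RULES = [
    (re.compile(r"EventID=4625\b|Failed password for"), EXISTING_ACCOUNTS),
    (re.compile(r"Permission denied|Audit Failure"), FAILED_ACCESS),
    (re.compile(r"EventID=(4720|4732|4697)\b|useradd|usermod"), UNAUTH_CHANGES),
    (re.compile(r"missing patch|unpatched"), VULNERABLE),
    (re.compile(r"\bDENY\b|port scan"), NET_TRAFFIC),
]

SAMPLE_LOGS = [  # constructed sample lines, not taken from any real system
    "2012-08-26T09:00:01 winsrv01 EventID=4625 Account=jsmith Status=0xC000006A",
    "2012-08-26T09:00:04 winsrv01 EventID=4625 Account=jsmith Status=0xC000006A",
    "2012-08-26T09:01:12 bastion sshd[2231]: Failed password for admin from 10.0.9.8 port 5022 ssh2",
    "2012-08-26T09:03:05 fileserver smbd: Permission denied opening /srv/hr/reviews.docx for user jsmith",
    "2012-08-26T09:05:30 winsrv01 EventID=4720 TargetAccount=svc_backup2 Subject=jsmith",
    "2012-08-26T09:10:00 fw01 DENY TCP 203.0.113.7:40211 -> 10.0.1.5:3389",
    "2012-08-26T09:15:00 patchmgr host=winsrv01 missing patch KB-PLACEHOLDER severity=critical",
    "2012-08-26T09:20:00 winsrv01 EventID=4624 Account=jsmith LogonType=10",
]

def classify(line):
    """Return the report category for one line, or None when no rule matches."""
    return next((category for pattern, category in RULES if pattern.search(line)), None)

def build_report(lines):
    """Group lines by category; lines that no rule claims land under 'Unclassified'."""
    report = {category: [] for _, category in RULES}
    report["Unclassified"] = []
    for line in lines:
        report[classify(line) or "Unclassified"].append(line)
    return report

def repeated_failures(lines, threshold=2):
    """Accounts with at least `threshold` failed logons: the first report's review list."""
    counts = Counter()
    for line in lines:
        if classify(line) == EXISTING_ACCOUNTS:
            counts.update(re.findall(r"(?:Account=|Failed password for )(\S+)", line))
    return {account: n for account, n in counts.items() if n >= threshold}
```

The "Unclassified" bucket is deliberate: a successful logon (event 4624 here) is normal activity, and reviewing what falls through the rules is how the rule table gets tuned.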

Where to look for additional information to interpret log data
- Vendors
- Search Engines
- Additional Resources

What actions should be taken by which role within the organization
- IT
- Information Security
- Incident Response Team
- Business Process Owner
- Risk
- Compliance
- Audit
- Finance
- Legal
- Human Resources
- Management

What are the appropriate actions based on the log data
RISK:
- Operational requirements
- Contractual requirements
- Insurance requirements
- Change Management
RISK:
- Incident Response Plan
- Disaster Recovery Plans
- Business Continuity Plans

What are the appropriate actions based on the log data
- Environmental
- Norm
- Critical
- Error
- Warning

What to do without a logging tool and what to look for in a logging tool

What to do without a logging tool
RISK Based:
- Operational requirements
- Contractual requirements
- Insurance requirements
- Change Management

What to look for in a logging tool
- Collect, Index, Correlate
- Alert
- Store
- Report
- Scalability
- Tuning
- Analytics
- Segregation of duties
- Integration with work order systems
- File Integrity Monitoring
- Security Monitoring and Reporting
- Fraud Detection
- Data loss detection
- Compliance

Summary
- When is log information important and what Audit needs to focus on
- Where to look for additional information to interpret log data
- What actions should be taken by which role within the organization
- What are the appropriate actions based on the log data
- What is appropriate without a logging tool
- What organizations should evaluate when looking for a logging tool

Additional Resources - ISACA
- ISACA: http://www.isaca.org/
- CoBIT 4.1: http://www.isaca.org/knowledge-center/cobit/pages/overview.aspx
- CoBIT 5.0: http://www.isaca.org/cobit/pages/info-sec.aspx
- The Risk IT Framework: http://www.isaca.org/knowledge-center/risk-it-it-risk-Management/Pages/Risk-IT1.aspx

Additional Resources - NIST
- NIST: http://csrc.nist.gov/
- Guide to Computer Security Log Management: http://csrc.nist.gov/publications/nistpubs/800-92/sp800-92.pdf
- Recommended Security Controls for Federal Information Systems and Organizations: http://csrc.nist.gov/publications/nistpubs/800-53-rev3/sp800-53-rev3-final.pdf

Additional Resources - e-discovery
- Discovery Resources: http://www.discoveryresources.org/
- State by State Summary Report of E-Discovery Efforts: http://www.discoveryresources.org/library/case-law-and-rules/state-rules/annotated-list-of-state-rules-of-civil-procedure/

Additional Resources - Microsoft
- http://www.ultimatewindowssecurity.com/default.aspx
- http://www.eventid.net/
- http://technet.microsoft.com/en-us/default.aspx
- http://support.microsoft.com/

Additional Resources - Best Practices
- SANS Critical Control 14: Maintenance, Monitoring, and Analysis of Security Audit Logs: http://www.sans.org/critical-security-controls/control.php?id=14
- Top 5 Essential Log Reports: http://www.sans.org/security-resources/top5-logreports.pdf
- The Unified Compliance Framework (UCF): http://www.unifiedcompliance.com/

Additional Resources
- PCI Data Security Standards: https://www.pcisecuritystandards.org/ and https://www.pcisecuritystandards.org/security_standards/documents.php
- Kerberos: http://www.rfc-editor.org/rfc/rfc1510.txt
- Microsoft PowerShell for Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?familyid=10ee29af-7c3a-4057-8367-C9C1DAB6E2BF&displaylang=en

Questions?

Thank you - kmullin@healthplan.com

Save the Date: August 25-28, 2013, 32nd Annual Conference, Chicago, IL