the process of examining logs that record who accesses the system and the actions they take (used to monitor security)
monitors logs of network traffic permitted to pass the firewall
intrusion detection system (IDS)
the most common method of analysis used by ________ is to compare their logs to a database containing patterns of traffic associated with known attacks.
IDS Intrusion detection systems
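The two cards above (log analysis of who accessed the system and what they did, and signature-based IDS matching against a database of known-attack traffic patterns) describe one mechanism. Below is an added example of that mechanism, written for this page rather than taken from any IDS product: it parses constructed web-server access-log lines, percent-decodes the request path, and compares each event against a small signature database. The log lines, the signature names and the three patterns are constructed for illustration; a real IDS ships thousands of signatures and the matching engine is far more elaborate, but the comparison step is the same.

```python
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample: five web-server access-log lines in the common
# "combined" format. The first and last are benign; the middle three carry
# traffic patterns associated with well-known attacks.
SAMPLE_LOG = """\
10.0.0.5 - alice [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /login.php?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /../../etc/passwd HTTP/1.1" 404 221 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:56:02 +0000] "GET / HTTP/1.1" 200 2326 "-" "sqlmap/1.7"
10.0.0.5 - alice [10/Oct/2023:13:56:10 +0000] "POST /cart HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# One combined-log-format line: client IP, ident, user, timestamp, request,
# status, size, referrer, user agent. This is what "who accessed the system
# and what they did" looks like on disk.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# The "database" of known-attack patterns: (signature name, field to inspect,
# compiled pattern). Names and patterns are constructed for this example.
SIGNATURES = [
    ("sql-injection-tautology", "path", re.compile(r"'\s*(?:or|and)\s*'", re.I)),
    ("path-traversal", "path", re.compile(r"(?:^|/)\.\./")),
    ("known-scanner-user-agent", "ua", re.compile(r"^(?:sqlmap|nikto|nmap)\b", re.I)),
]


@dataclass(frozen=True)
class Alert:
    ip: str
    user: str
    signature: str
    evidence: str


def parse_line(line: str):
    """Split one access-log line into fields; return None if it does not parse.
    The path is percent-decoded so an encoded payload cannot slip past a pattern."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["path"] = unquote(event["path"])
    return event


def match_signatures(event: dict) -> list:
    """Compare one parsed event against every signature; return the names that hit."""
    return [name for name, field, pat in SIGNATURES if pat.search(event[field])]


def analyze(log_text: str) -> list:
    """Run signature matching over a whole log and return one Alert per hit."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # in practice, unparseable lines deserve their own alert
        for name in match_signatures(event):
            field = next(f for n, f, _ in SIGNATURES if n == name)
            alerts.append(Alert(event["ip"], event["user"], name, event[field]))
    return alerts


def alerts_by_source(alerts: list) -> Counter:
    """Count alerts per client IP, the usual first pivot when triaging IDS output."""
    return Counter(a.ip for a in alerts)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for a in found:
        print(f"{a.ip:15} {a.user:6} {a.signature:26} {a.evidence}")
    print(dict(alerts_by_source(found)))
```

The decode-before-match step is the detail worth remembering: the SQL tautology in the second line arrives percent-encoded, and a signature applied to the raw path would miss it. The benign lines produce no alerts, which is the other property a signature database has to preserve.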
Discloses the organization's performance with respect to the COBIT objectives. Key performance indicators include downtime caused by security incidents, the number of systems with an IDS installed, and the time needed to react to security incidents once they are reported.
automated tools designed to identify whether a system contains any well-known vulnerabilities.
Involves an authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information systems
consisting of technical specialists and senior operations management, to deal with major incidents
Computer emergency response team
The _____ leads the organization's incident response process through four steps, which must be practiced regularly
1. _________ - typically triggered when an IDS alerts or by a system administrator's log analysis.
2. _________ - once an intrusion is detected, prompt action is taken to stop it and contain the damage.
3. __________ - the damage must be repaired, e.g., restoring data from backups and reinstalling corrupted programs.
4. ___________ - analysis of how the incident occurred. The existing security policy is modified to minimize the likelihood of a similar incident. An important decision is whether to try to catch and punish the perpetrator. If the perpetrator will be pursued, forensic experts should be involved immediately to ensure that all possible evidence is collected and maintained in a manner that makes it admissible in court.
CERT(computer emergency response team)
- 1. Recognizing that a problem exists
- 2. Containing the problem
- 3. Recovery (repairing the damage)
- 4. Follow up
is an individual with organization-wide responsibility for security.
– Should be independent of other IS functions and report to either the COO or CEO.
– Must understand the company’s technology environment and work with the CIO to design, implement, and promote sound security policies and procedures.
– Disseminates information about fraud, errors, security breaches, improper system use, and the consequences of these.
– Works with the person in charge of building security, as that is often the entity’s weakest link.
– Should impartially assess and evaluate the IT environment, conduct vulnerability and risk assessments, and audit the CIO’s security measures.
Chief Security Officer
involves fixing known vulnerabilities and installing the latest updates to anti-virus software, firewalls, operating systems, and application programs.
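The vulnerability-scanner card (automated tools that identify whether a system contains any well-known vulnerabilities) and the patch-management card above are two halves of one loop: the scanner compares what is installed against a database of known-vulnerable version ranges, and patch management installs the updates that clear the findings. Below is an added example of that loop, written for this page and not taken from any scanner or patching product. The package names, version numbers, advisory identifiers (EXAMPLE-00n) and host inventory are all constructed placeholders; real scanners consult CVE/vendor advisory feeds and detect installed versions themselves rather than reading them from a dictionary.

```python
import re
from dataclasses import dataclass


def version_key(s: str, width: int = 4) -> tuple:
    """Turn '2.4.51' into (2, 4, 51, 0): numeric dotted components only, zero-padded
    to a fixed width so '1.2' equals '1.2.0' and '1.10' sorts after '1.9'.
    A trailing suffix such as '-p2' is ignored (a simplification for this example)."""
    m = re.match(r"\d+(?:\.\d+)*", s)
    if not m:
        raise ValueError(f"unparseable version: {s!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (width - len(parts))


@dataclass(frozen=True)
class KnownVuln:
    advisory: str        # constructed identifier, not a real CVE
    package: str
    affected_from: str   # first affected version (inclusive)
    fixed_in: str        # first version that carries the fix (exclusive bound)


@dataclass(frozen=True)
class Finding:
    host: str
    package: str
    installed: str
    advisory: str
    fixed_in: str


# Constructed "well-known vulnerabilities" database. Two advisories hit the
# same package with different fix versions, which is the common case and is
# what makes the patch plan below non-trivial.
VULN_DB = [
    KnownVuln("EXAMPLE-001", "webserver", "2.4.0", "2.4.52"),
    KnownVuln("EXAMPLE-002", "webserver", "2.4.0", "2.4.55"),
    KnownVuln("EXAMPLE-003", "dbclient", "10.0", "10.6.3"),
    KnownVuln("EXAMPLE-004", "imagelib", "1.0", "1.9.1"),
]

# Constructed inventory: host -> {package: installed version}.
INVENTORY = {
    "web-01": {"webserver": "2.4.51", "imagelib": "1.9.1"},
    "web-02": {"webserver": "2.4.53", "imagelib": "1.8.7-p2"},
    "db-01": {"dbclient": "10.6.3", "webserver": "2.4.57"},
}


def is_affected(installed: str, vuln: KnownVuln) -> bool:
    """True when affected_from <= installed < fixed_in."""
    v = version_key(installed)
    return version_key(vuln.affected_from) <= v < version_key(vuln.fixed_in)


def scan(inventory: dict, vuln_db: list) -> list:
    """The scanner step: compare every installed package against every advisory
    for that package and return one Finding per (host, package, advisory) hit."""
    findings = []
    for host, packages in inventory.items():
        for pkg, installed in packages.items():
            for vuln in vuln_db:
                if vuln.package == pkg and is_affected(installed, vuln):
                    findings.append(Finding(host, pkg, installed, vuln.advisory, vuln.fixed_in))
    return findings


def patch_plan(findings: list) -> dict:
    """The patch-management step: collapse findings into the single upgrade per
    host and package that clears all of them, i.e. the highest fixed_in version
    among the advisories that apply. Returns host -> {package: target version}."""
    plan = {}
    for f in findings:
        targets = plan.setdefault(f.host, {})
        current = targets.get(f.package)
        if current is None or version_key(f.fixed_in) > version_key(current):
            targets[f.package] = f.fixed_in
    return plan


if __name__ == "__main__":
    found = scan(INVENTORY, VULN_DB)
    for f in found:
        print(f"{f.host:7} {f.package:10} {f.installed:9} {f.advisory}  fixed in {f.fixed_in}")
    print(patch_plan(found))
```

Two details matter beyond the version arithmetic. A host sitting exactly on the fix version (db-01's dbclient at 10.6.3, web-01's imagelib at 1.9.1) is correctly not flagged, so the exclusive upper bound has to be right or the scanner cries wolf on every freshly patched machine. And the patch plan targets 2.4.55 for web-01 even though 2.4.52 would clear EXAMPLE-001, because installing the lower version would leave EXAMPLE-002 open; "installing the latest updates" is exactly this maximum over all applicable advisories.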