Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Lottery's Log Management Business Objectives

advertisement 
Lottery Log Management:
Reviewing Gaming System Logs
Why, What, and How
Why You Should Review
• Keep you and your director from
getting fired!
• Consistent with business objectives
©2009 Delehanty Consulting LLC
Every Standard Says You Should!
(Do you want to explain why you weren’t?)
• NIST 800-92 Guide to Computer Security Log
Management
• ISO 27002/17799 Code of practice for
information security management
• COBIT 4 Control Objectives for Information &
Technology
• NIST 800-53 Recommended Security Controls for
Federal Information Systems
©2009 Delehanty Consulting LLC
Lottery’s Log Management
Business Objectives
1. Security Operations: Security policies
and systems are operating as planned
2. IT Operations: Determine whether IT
operations can be improved and whether
they are susceptible to issues
3. Forensics: Capture admissible proof that
could serve as evidence if harm was done
or rules/policies were intentionally broken
©2009 Delehanty Consulting LLC
Analyze What?
• SANS – Top 5 Essential Log Analyses
• NIST SP 800-92 Guide to Computer
Security Log Management (consistent
with ISO 17799/27002)
©2009 Delehanty Consulting LLC
SANS
Essential Log Analyses
1.
2.
3.
4.
Attempts to access through existing accounts
Failed file or resource access attempts
Unauthorized changes to groups, users, etc.
Suspicious/unauthorized network traffic
©2009 Delehanty Consulting LLC
NIST Additions
• Transaction information
• Significant Operational Actions
– Application startup and shutdown
– Task execution
– Application failures.
©2009 Delehanty Consulting LLC
Transaction Information
• All transactions should be written to a
master transaction file that cannot be altered
prior to being received by the Lottery
• Requirement met by:
– Transaction Master File
– ICS system
• Better source for forensic evidence than
Gware
©2009 Delehanty Consulting LLC
How
Activity Analysis Strategies
1.
2.
3.
4.
Review all activities and processes
Focus on high-risk activities
Focus on high-risk processes
Develop baselines and then look for
anomalies
5. Time sampling or all days
6. All systems, select systems, or sampling
©2009 Delehanty Consulting LLC
How – A Process Approach
You’re First Log Review
•
•
•
•
High risk
Daily review
All gaming systems
Handout leads you through process
©2009 Delehanty Consulting LLC
Related documents
Team Norms & Operating Agreement
Team Norms & Operating Agreement
Context-Sensitive Features – What Makes Each Organization Unique
Context-Sensitive Features – What Makes Each Organization Unique
Biography - the Community Advancement Network
Biography - the Community Advancement Network
Delivering Effective Presentations: tips and techniques for non
Delivering Effective Presentations: tips and techniques for non
Experian PO Box 2002 Allen, TX 75013 I dispute the reporting of the
Experian PO Box 2002 Allen, TX 75013 I dispute the reporting of the
Presenter
Presenter
Lesson 4.1 - Slides
Lesson 4.1 - Slides
Download
advertisement