ITSM603 PROJECT GROUP D
FUNDAMENTALS OF INFORMATION SYSTEM SECURITY
CHAPTER: 7 & 8

1. Moniya Akter
2. Shekh Tareq Ali
3. Nafisa Arshad
4. Molisha Bajracharya
5. Rajesh Kandimalla
6. Abdul Mannan Khan Sherani
7. Tasnim Tithe

Security Auditing and Analysis

Auditing is an important measure for avoiding data breaches and violations of agreements. Auditing a computer system checks how well the operating system meets the objectives of data auditing. Auditing can be done manually or with the help of automated tools. An audit makes it easy to compare the current state against the expected one and to see where to focus for more security.

Importance of security auditing:
• Auditing data helps determine which activity is acceptable and which is unacceptable.
• Establish standards based on those created or approved by standards bodies.
• Communicate, and take other actions, as allowed by a policy statement.

Security Testing
• Security testing is a crucial process for identifying vulnerabilities and weaknesses in an information system's defenses.
• It aims to assess the system's ability to protect data, maintain functionality, and prevent unauthorized access.
• Security testing is a critical part of the software development lifecycle.
• Regular security testing helps identify and address vulnerabilities before they can be exploited.
• A comprehensive security testing strategy strengthens the overall security posture of the system.
• By ensuring robust security measures, organizations can protect their data and reputation from potential threats.

Importance of Security Testing
• Protects sensitive data from breaches and unauthorized access.
• Ensures compliance with industry regulations and data protection laws.
• Preserves the reputation and trust of customers and stakeholders.
• Mitigates financial losses and potential legal liabilities.

Types of Security Testing

Vulnerability Assessment
• Identifies known vulnerabilities in the system through scanning and automated tools.
• Provides a comprehensive list of potential weaknesses that require remediation.
• Example tools: Nessus, OpenVAS.

Penetration Testing
• Simulates real-world attacks to assess the system's resistance to threats.
• Penetration testers act as ethical hackers to exploit vulnerabilities and provide actionable insights.
• Types: Black Box (no prior knowledge), White Box (internal knowledge), Grey Box (partial knowledge).
• Example tools: Metasploit, Nmap.

Security Code Review
• Analyzes the application's source code to find security flaws.
• Manual and automated reviews help detect coding errors and vulnerabilities.
• Enhances the software's security posture before deployment.
• Example tools: Fortify, Veracode.

Security Configuration Testing
• Evaluates system configurations to ensure secure settings.
• Verifies that default settings are changed and sensitive data is protected.
• Helps prevent misconfigurations that could lead to security breaches.
• Example tools: OpenSCAP, CIS-CAT.

Security Monitoring

Security monitoring is a crucial aspect of maintaining a safe digital world, ensuring that our computer systems, networks, and digital spaces are functioning properly. It is like a digital security guard, watching for and detecting unusual activities and behaviors in our systems. Security monitoring tools send alerts to the right people when a potential security issue is detected, providing a sense of security and alertness.

Security monitoring protects data, keeps systems running smoothly, and preserves privacy. It prevents unauthorized access and theft of personal information, and it detects issues that may slow down or disrupt digital operations.

Key Benefits of Security Monitoring:
Key benefits of security monitoring include early detection, fast response, and peace of mind. Early detection helps prevent major security breaches, while swift responses minimize damage and keep systems safe.
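The Security Configuration Testing slides above say such a test checks that default settings have been changed and that secure values are in place. The following is an added example of what that check looks like in code; it is not from the project slides or from any of the tools named there (OpenSCAP, CIS-CAT). The configuration keys, the sample settings and the baseline values are all constructed for illustration.

```python
"""Baseline check for a service configuration (added example, not from the slides).

The configuration keys, the sample settings and the baseline values below are
constructed for illustration. A real configuration test would read the target
system's actual settings and compare them against a published benchmark.
"""
from dataclasses import dataclass

# Constructed sample: settings as exported from a hypothetical server that is
# still running with several factory defaults.
SAMPLE_CONFIG = {
    "admin_password": "admin",      # vendor default, never changed
    "remote_root_login": "yes",
    "password_auth": "yes",
    "tls_min_version": "1.0",
    "audit_logging": "off",
    "debug_mode": "on",
}

# Constructed list of vendor default credentials that must be rotated.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", ""}


@dataclass(frozen=True)
class Finding:
    key: str
    actual: str
    expected: str
    severity: str


def _tls_version(text: str) -> tuple:
    """Parse '1.2' into (1, 2) so versions compare numerically; unparsable -> (0,)."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return (0,)


def check_config(config: dict) -> list:
    """Compare settings against the secure baseline and return every deviation."""
    findings = []

    def expect(key, expected, severity):
        actual = config.get(key, "<missing>")
        if actual != expected:
            findings.append(Finding(key, actual, expected, severity))

    # Default credential still in place: the classic "default settings not changed" case.
    if config.get("admin_password", "") in DEFAULT_PASSWORDS:
        findings.append(Finding("admin_password", "<default credential>",
                                "unique, rotated secret", "high"))
    expect("remote_root_login", "no", "high")
    expect("password_auth", "no", "medium")      # key-based authentication preferred
    tls = config.get("tls_min_version", "<missing>")
    if _tls_version(tls) < (1, 2):
        findings.append(Finding("tls_min_version", tls, "1.2 or higher", "high"))
    expect("audit_logging", "on", "medium")
    expect("debug_mode", "off", "low")
    return findings


def hardened(config: dict) -> dict:
    """Return a copy with the baseline applied: what the remediation step would set."""
    fixed = dict(config)
    fixed.update({"remote_root_login": "no", "password_auth": "no",
                  "tls_min_version": "1.2", "audit_logging": "on", "debug_mode": "off"})
    if fixed.get("admin_password", "") in DEFAULT_PASSWORDS:
        # Placeholder: a real remediation sets a unique secret from the secrets store.
        fixed["admin_password"] = "<unique credential from secrets store>"
    return fixed


if __name__ == "__main__":
    for f in check_config(SAMPLE_CONFIG):
        print(f"[{f.severity}] {f.key}: found {f.actual!r}, expected {f.expected}")
    print("findings after remediation:", check_config(hardened(SAMPLE_CONFIG)))
```

Running the block lists six findings for the sample configuration and none after the baseline is applied; the severity field is what lets a team remediate the default credential and root login first, as the slides' "require remediation" wording implies.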
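The Security Monitoring section above describes tools that watch for unusual behaviour and alert the right people. As an added example (not code from the slides, and not any particular monitoring product), the block below applies two simple detection rules to constructed authentication log lines: a burst of failed logins from one source inside a time window, and a successful login from a source that was just flagged. The log format, the sample lines, the addresses and the thresholds are all constructed for this example.

```python
"""Sliding-window detection over authentication log lines (added example, not from the slides).

The log format and every sample line are constructed; a real deployment parses
its own system's audit or authentication log format instead.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one burst from 198.51.100.7 ending in a success,
# and two isolated failures from 203.0.113.9 minutes apart.
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAILED user=alice src=198.51.100.7
2024-05-01T10:00:03 auth FAILED user=alice src=198.51.100.7
2024-05-01T10:00:05 auth FAILED user=bob src=198.51.100.7
2024-05-01T10:00:06 auth FAILED user=carol src=198.51.100.7
2024-05-01T10:00:08 auth FAILED user=dave src=198.51.100.7
2024-05-01T10:00:09 auth OK user=dave src=198.51.100.7
2024-05-01T10:00:20 auth FAILED user=erin src=203.0.113.9
2024-05-01T10:05:00 auth FAILED user=erin src=203.0.113.9
2024-05-01T10:05:30 auth OK user=erin src=203.0.113.9
"""


def parse(line: str) -> dict:
    """Split one constructed log line into its timestamp, result, user and source."""
    ts, _service, result, user_kv, src_kv = line.split()
    return {"ts": datetime.fromisoformat(ts), "result": result,
            "user": user_kv.split("=", 1)[1], "src": src_kv.split("=", 1)[1]}


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Return alert tuples in the order they would be raised.

    Rule 1: at least `threshold` failures from one source within `window`
            raises ("brute_force_burst", source, failure_count), once per source.
    Rule 2: a later successful login from a flagged source raises
            ("success_after_burst", source, user), which is the event an analyst
            should look at first.
    """
    recent = defaultdict(deque)     # source -> timestamps of failures inside the window
    flagged = set()
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse(raw)
        queue = recent[ev["src"]]
        # Evict failures that fell out of the sliding window.
        while queue and ev["ts"] - queue[0] > window:
            queue.popleft()
        if ev["result"] == "FAILED":
            queue.append(ev["ts"])
            if len(queue) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append(("brute_force_burst", ev["src"], len(queue)))
        elif ev["result"] == "OK" and ev["src"] in flagged:
            alerts.append(("success_after_burst", ev["src"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The window is what keeps the second source quiet: its two failures are minutes apart, so the first one is evicted before the second arrives and no alert fires. Tuning the threshold and window is the trade-off between early detection and alert fatigue that the slides' "right people, right time" point depends on.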
By implementing security monitoring, we can focus on using our computers and networks without worrying about security threats. Overall, security monitoring is like a watchful guardian for our digital world, ensuring that our data, systems, and privacy remain secure.

Risk Management
• The process of identifying, assessing, controlling and managing threats by minimizing the threats and maximizing the opportunities and outcomes.
• In a well-developed risk management program, two formal processes are used:
  Risk identification
  Risk controls

Risk Identification

Risk Controls
• Risk controls specifically address the admission of users into the trusted organization.
• Risk controls can be:
  Mandatory access controls (MAC)
  Nondiscretionary controls
  Discretionary access controls (DAC)
• Risk controls usually consist of a combination of policies, programs and technologies.

Responses for an IT System Security Risk

When an IT system security risk occurs, the common responses involve a series of actions aimed at mitigating the impact and resolving the risk.
1. Identification and Validation: Confirming that the risk has occurred and verifying its nature and scope.
2. Containment: Isolating affected systems or devices to prevent further damage and stop the risk from spreading.
3. Eradication: Removing the root cause of the risk to ensure that the system returns to a secure state.
4. Recovery: Restoring affected systems, data, and services to their normal state.
5. Search and Analysis: Conducting a thorough investigation to understand how the risk occurred, what data was affected, and the extent of the damage, so that the system can be brought back to the required state.
6. Communication: Keeping everyone affected by the risk informed about the incident status, response actions, and potential impact.
7. Notification: Complying with legal and regulatory requirements to report the risk to the appropriate authorities, customers, or partners, if necessary.
8. Lessons Learned: Evaluating the risk response process to identify areas of improvement and updating the incident response plan accordingly.
9. Monitor and Control: Implementing measures to prevent similar incidents in the future, such as enhanced security controls, regular security assessments, and ongoing monitoring.
10. Backup: Retaining all data gathered during the incident response process for future reference, so that it can be used to keep the risk from recurring.

Recovery of IT Systems

Issues related to the recovery of IT systems:

1: Data Security and Protection
Ensuring data security during IT system recovery is crucial to prevent data breaches and unauthorized access. A lack of proper encryption, backup, and replication strategies can lead to data loss and compromise sensitive information. Implementing access controls, multi-factor authentication, and secure data storage is essential for safeguarding data integrity.

2: Downtime and Business Continuity
Extended downtime during IT system recovery can result in significant financial losses and damage to business reputation. Redundant hardware, failover mechanisms, and virtualization technologies are vital for maintaining uninterrupted business continuity. Regular testing and simulations of recovery plans help identify potential bottlenecks and improve the efficiency of recovery operations.

3: Cybersecurity Threats
The evolving landscape of cybersecurity threats poses a continuous challenge to IT system recovery efforts. Ransomware, DDoS attacks, and other malicious activities can disrupt the recovery process and compromise system integrity. Proactive measures, such as real-time threat detection and continuous monitoring, are crucial to mitigate cybersecurity risks.

4: Resource Constraints and Budget Limitations
Smaller organizations often face resource constraints and budget limitations when planning for IT system recovery. Allocating sufficient funds and resources for disaster recovery becomes a challenging balancing act.
Engaging with third-party disaster recovery service providers can offer cost-effective solutions and expertise.

5: Regulatory Compliance and Legal Concerns
Adhering to legal and compliance requirements is essential during IT system recovery. Failure to comply with data handling, retention, and industry-specific standards can result in penalties and legal liabilities. Integrating regulatory compliance into recovery plans ensures a smooth recovery process without legal hindrances.

CONCLUSION

Successful information security governance doesn't come overnight; it's a continuous process of learning, revising and adapting. While every company has its own specific needs, securing its data is a common goal for all organizations. Emerging technologies and cyber threats will continue to evolve. Data breaches and security incidents will happen. Rather than scrambling after a security breach, organizations must put proactive and strategic information security governance at the forefront.
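The Recovery step of the incident response list and issue 1 (Data Security and Protection) under Recovery of IT Systems both turn on one question: can the backup being restored be trusted? The block below is an added example, not code from the project slides, showing the integrity check a recovery procedure runs before it restores anything: every file is hashed and compared with a manifest made at backup time, the manifest itself is authenticated with a key kept off the backup media, and a set with any missing or altered file is refused as a whole. The backup set, the manifest format, the key and the tampering are all constructed in memory.

```python
"""Integrity check of a backup set before restoring it (added example, not from the slides).

The backup set, the manifest format, the signing key and the tampering are all
constructed in memory for illustration; a real recovery reads files from backup
media and a manifest produced at backup time.
"""
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Produced at backup time: path -> SHA-256 of the file content."""
    return {path: sha256_hex(data) for path, data in files.items()}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over the canonical manifest, so a manifest edited on the media is detectable."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def manifest_is_authentic(manifest: dict, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def verify_backup(files: dict, manifest: dict) -> tuple:
    """Return (ok, problems): ok is False if any file is missing, altered or unexpected."""
    problems = []
    for path, expected in manifest.items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif sha256_hex(files[path]) != expected:
            problems.append(f"hash mismatch: {path}")
    for path in files:
        if path not in manifest:
            problems.append(f"not in manifest: {path}")
    return (not problems, problems)


def restore(files: dict, manifest: dict, tag: str, key: bytes, target: dict) -> tuple:
    """Restore into `target` only when the manifest is authentic and the whole set verifies.

    A partial restore is refused on purpose: restoring the intact files and
    silently skipping the altered ones would leave the system in an unknown state.
    """
    if not manifest_is_authentic(manifest, tag, key):
        return False, ["manifest signature invalid"]
    ok, problems = verify_backup(files, manifest)
    if not ok:
        return False, problems
    target.update(files)
    return True, []


# Constructed backup set and the records made at backup time.
ORIGINAL = {
    "etc/app.conf": b"listen=443\n",
    "db/customers.db": b"id,name\n1,alice\n",
}
KEY = b"constructed-demo-key-kept-off-the-backup-media"
MANIFEST = build_manifest(ORIGINAL)
TAG = sign_manifest(MANIFEST, KEY)

# Constructed damage found on the media at recovery time: one file altered, one gone.
TAMPERED = dict(ORIGINAL)
TAMPERED["db/customers.db"] = b"id,name\n1,mallory\n"
del TAMPERED["etc/app.conf"]

if __name__ == "__main__":
    system = {}
    print("tampered set:", restore(TAMPERED, MANIFEST, TAG, KEY, system))
    print("intact set:  ", restore(ORIGINAL, MANIFEST, TAG, KEY, system))
    print("restored files:", sorted(system))
```

The two design choices worth carrying into a real recovery plan are the separately held key (a manifest stored beside the backup can be rewritten by whoever altered the backup) and the all-or-nothing restore, which is what turns a verification step into an actual control rather than a warning.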