Security Information Management
Firewall Management, Intrusion Detection,
and Intrusion Prevention
Intrusion Detection Busters
Katherine Jackowski
Elizabeth Kearney-Lang
Daureen Lingley-Chor
Selected Topics:
• The two areas of interest our team chose are:
• Firewall Management and Intrusion Detection,
Intrusion Prevention
• Security Information Management
– complement each other well
– focusing on the safeguarding of company assets
Control Objectives
• Security Information Management:
• To control access to the Information Systems
to prevent unauthorized use and to restrict
authorized use.
• To ensure proper controls are in place to
ensure data and system availability in order
for the Information Systems to fully support
the organization’s objectives.
Control Objectives
• Firewall Management and Intrusion Detection,
Intrusion Prevention
• To ensure preventative, detective, and
corrective measures are in place and working
as intended to protect the Information System
from intrusion.
• To ensure proper controls are in place to
safeguard assets and prevent, detect and
mitigate fraudulent activity.
Research
• Our research began with
• An Introduction to Computer Security: The NIST
Handbook
• National Institute of Standards and Technology
Special Publications:
– SP 800-41 Revision 1 entitled Guidelines on Firewalls
and Firewall Policy,
– SP 800-61 Revision 1 entitled Computer Security
Incident Handling Guide,
– SP 800-94 entitled Guide to Intrusion Detection and
Prevention Systems.
Research
• Collaboration: wikispaces
• Warious vendor website
• White Papers
Control for Firewall Management,
Intrusion Detection & Prevention
• Implement and enforce Back-up Procedure
– Category: Procedure
– Type: General, Secondary, Corrective
– Control Benefit: Up-to-date back-up if needed
– Adverse Impact: Unnecessary extended
downtime
Control Evidence
• In Place: Written documentation of procedure,
documentation readily available in hardcopy
or online.
• In Effect: All data will be properly backed up,
personnel responsible for back-up procedure
will have knowledge of procedure and
documentation of all back-ups that occur.
Audit Steps
• In Place: Review written documentation of
procedure and search for online copy.
• In Effect: Test and verify the existence of backup data stores. Interview employees to
determine responsibilities and accountable
party.
Control for Security Information
Management
• Written Acceptable Use Policy with required
signature of employee
– Category: Legal
– Type: General, Secondary, Preventative
– Control Benefit: Ensures employee knowledge of
and responsibility to properly safeguard the
system.
– Adverse Impact: Lack of knowledge and
responsibility would create usage problems and
security issues
Control Evidence
• In Place: Documented Policy, documents with
employees’ signatures.
• In Effect: Understanding of policy by
employees, file of signed policies will exist.
Audit Steps
• In Place: Review documentation of policy and
check for signatures of all active employees.
• In Effect: Interview employees and review file
of signed policies.
Image Polymers Company, LLC
Covisia Solution, Inc.
• Test of controls
Best Practices for the AUP
• Explain employee rights and monitoring
expectations
• Educate employees on legal issues
• State the consequences of noncompliance
• Ensure that all the employees are informed
about the AUP
Acceptable Use Policy
The System, including the email system and
Internet connections, is the property of the
Company. Each employee is responsible for the
use of the System and for observing all laws. In
the event that any employee is found to have
improperly used the System, he or she is subject
to disciplinary action, up to and including
immediate dismissal.
Acceptable Use Policy
•
•
•
•
•
•
•
The company may review the following at its discretion:
History of sent and received email by employees
Contents of sent and received email by employees
History of access to the WWW by employees
Contents viewed by employees
Time spent by employee on the www
Voicemail messages
Challenge
Audit Work Program
Questions?