Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth Kearney-Lang Daureen Lingley-Chor Selected Topics: • The two areas of interest our team chose are: • Firewall Management and Intrusion Detection, Intrusion Prevention • Security Information Management – complement each other well – focusing on the safeguarding of company assets Control Objectives • Security Information Management: • To control access to the Information Systems to prevent unauthorized use and to restrict authorized use. • To ensure proper controls are in place to ensure data and system availability in order for the Information Systems to fully support the organization’s objectives. Control Objectives • Firewall Management and Intrusion Detection, Intrusion Prevention • To ensure preventative, detective, and corrective measures are in place and working as intended to protect the Information System from intrusion. • To ensure proper controls are in place to safeguard assets and prevent, detect and mitigate fraudulent activity. Research • Our research began with • An Introduction to Computer Security: The NIST Handbook • National Institute of Standards and Technology Special Publications: – SP 800-41 Revision 1 entitled Guidelines on Firewalls and Firewall Policy, – SP 800-61 Revision 1 entitled Computer Security Incident Handling Guide, – SP 800-94 entitled Guide to Intrusion Detection and Prevention Systems. Research • Collaboration: wikispaces • Warious vendor website • White Papers Control for Firewall Management, Intrusion Detection & Prevention • Implement and enforce Back-up Procedure – Category: Procedure – Type: General, Secondary, Corrective – Control Benefit: Up-to-date back-up if needed – Adverse Impact: Unnecessary extended downtime Control Evidence • In Place: Written documentation of procedure, documentation readily available in hardcopy or online. • In Effect: All data will be properly backed up, personnel responsible for back-up procedure will have knowledge of procedure and documentation of all back-ups that occur. Audit Steps • In Place: Review written documentation of procedure and search for online copy. • In Effect: Test and verify the existence of backup data stores. Interview employees to determine responsibilities and accountable party. Control for Security Information Management • Written Acceptable Use Policy with required signature of employee – Category: Legal – Type: General, Secondary, Preventative – Control Benefit: Ensures employee knowledge of and responsibility to properly safeguard the system. – Adverse Impact: Lack of knowledge and responsibility would create usage problems and security issues Control Evidence • In Place: Documented Policy, documents with employees’ signatures. • In Effect: Understanding of policy by employees, file of signed policies will exist. Audit Steps • In Place: Review documentation of policy and check for signatures of all active employees. • In Effect: Interview employees and review file of signed policies. Image Polymers Company, LLC Covisia Solution, Inc. • Test of controls Best Practices for the AUP • Explain employee rights and monitoring expectations • Educate employees on legal issues • State the consequences of noncompliance • Ensure that all the employees are informed about the AUP Acceptable Use Policy The System, including the email system and Internet connections, is the property of the Company. Each employee is responsible for the use of the System and for observing all laws. In the event that any employee is found to have improperly used the System, he or she is subject to disciplinary action, up to and including immediate dismissal. Acceptable Use Policy • • • • • • • The company may review the following at its discretion: History of sent and received email by employees Contents of sent and received email by employees History of access to the WWW by employees Contents viewed by employees Time spent by employee on the www Voicemail messages Challenge Audit Work Program Questions?