Solved

Auditing Systems - Security

Posted on 2004-04-27
Last Modified: 2010-03-05
I am currently working in the System Security Department in my organisation. They currently want to develop a new section for Security Auditing.

I was assigned to be on the system auditing team. Can anyone give me a brief overview of what system auditors do? Any suggestions or links which can guide me on how to do it?

I would like experts to share their knowledge and experience in this field. I've just started my work career a few months back.

Thanks Guys  
0
Question by:cancer_66
13 Comments
 
LVL 7

Expert Comment

by:shahrial
DUTIES
Computer systems auditors are involved in the design and monitoring of control systems which ensure the accuracy and security of data. They also review an organisation's computing environment and the use of their computer facilities.

Computer systems auditors provide managers with expert opinions about the reliability of results and operations of computer systems. It is essential that computer systems auditors understand both the accounting and information technology implications of computer systems.

Depending on the level of responsibility and the particular job role involved, duties may also include:

- Analyse information processing systems to assess their completeness, accuracy, validity and efficiency
- Assess business systems to gauge the accurateness, completeness and timeliness of transaction processing
- Review applications systems and their business procedures in achieving desired business objectives
- Participate in new system design to ensure an efficient, effective and well-controlled system
- Evaluate the organisation's computing environment for effective operational, systems software, systems development and security procedures
- Check software and hardware acquisition in terms of economy, efficiency and ability to deliver operationally
- Check and report on the usage of computing facilities
- Talk with data processing management and system users
- Write reports and recommendations for improvement in computing facility management.

Hope this helps...;-)
0
 

Author Comment

by:cancer_66
Thanks Guys, sorry for responding late was quite busy.

I am required to provide a Tasklist for System security audit. Can anyone help here?

I can't think of many?!

Tasklists:- Baseline report, checklists, tools windows NT/XP and Unix,....errr



0
 
LVL 7

Expert Comment

by:shahrial
For a start, you should look at these...

Microsoft TechNet Security website: http://www.microsoft.com/technet/
CERT http://www.cert.org/
SecurityFocus-BugTraq: http://www.securityfocus.com/
Internet Storm Center http://isc.incidents.org/
Packetstorm: http://www.packetstormsecurity.nl/

What platform are you running? So that I can give you the Tasklist specific to your system...;)
0
 

Author Comment

by:cancer_66
I'll be auditing two systems.

1. Windows 2000
2. Solaris 8.0

Thanks a lot for the help
0
 
LVL 7

Expert Comment

by:shahrial
0
 
LVL 7

Expert Comment

by:shahrial
Auditing Process
The auditing process provides a well-defined set of procedures and protocols to measure compliance or deviation from applicable standards. However, audits can be used to verify compliance with applicable laws and regulations, efficiency of organizational operation, and effectiveness in achieving desired organizational goals. The auditing process should consist of regularly planned activities that maximize participation and consider resource allocation. For instance, it may not make sense to perform an audit during end-of-year holidays when it is difficult to meet with and collect information from key personnel.
The Department of Defense (DoD) provides the following detailed steps that are more particular to an IT audit:

1. Plan the audit:
- Understand the business context of the security audit
- Obtain required approvals from senior management and legal representatives
- Obtain historical information on previous audits, if possible
- Research the applicable regulatory statutes
- Assess the risk conditions inherent to the environment

2. Determine the existing controls in place and the associated risk profile:
- Evaluate the current security posture using risk-based approach
- Evaluate the effectiveness of existing security controls
- Perform detection risk assessment
- Perform control risk assessment
- Determine the total resulting risk profile

3. Conduct compliance testing:
- Determine the effectiveness of policies and procedures
- Determine the effectiveness of segregation of duties

4. Conduct substantive testing:
- Verify that the security controls behave as expected
- Test controls in practice

5. Determine the materiality of weaknesses found:
- If the security exploits found were to be executed, what would be the tangible impact to the business (in dollars) and the intangible impact (loss of reputation)
- Determine if the security exploits found increase the organizational risk profile

6. Present findings:
- Prepare the audit report and the audit opinion
- Create recommendations

The auditing process provides a means to ensure compliance with organizational security policy. Audit trail reports can be used to demonstrate compliance over a period of time. Audit trails should be able to reconstruct events, provide problem identification and resolution, and assign individual accountability. It is important that an “owner” is assigned and that owners know they are culpable for neglecting to protect information assets and that the audit trail must be protected from unauthorized modification as well. Accountability is significant but limited since it is a reactive control. It does not prevent activities from happening, but reports them once an event has occurred.
After the policy has been created, the maintenance activities monitor effectiveness and compliance. Monitoring can take the form of checking for the latest security vulnerabilities and applying patches as needed. However, applying patches as announcements are made on vulnerabilities is not enough. It is important to provide regularly scheduled penetration tests to discover exploits that may have resulted from a recent change in operating environment. The risk-based approach to protecting information assets should consider the importance of the assets that need to be protected and the frequency of review required to mitigate risk.

Hope this helps...;-)
0
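The comment above asks for an audit trail that can reconstruct events, assign individual accountability, and is protected from unauthorized modification. The sketch below shows one way to get all three with an HMAC-chained log; it is an added example, not part of shahrial's post, and the key, user names, host names and events are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the key is held by the audit owner, outside the audited hosts.
AUDIT_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # chain start value for the first entry


def _mac(prev_mac, record):
    """MAC over the previous entry's MAC plus this record (chains entries)."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append(trail, user, action, target, when):
    """Add one event, bound to everything logged before it."""
    record = {"when": when, "user": user, "action": action, "target": target}
    prev = trail[-1]["mac"] if trail else GENESIS
    trail.append({"record": record, "mac": _mac(prev, record)})


def verify(trail):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if not hmac.compare_digest(entry["mac"], _mac(prev, entry["record"])):
            return i
        prev = entry["mac"]
    return None


def events_for(trail, user):
    """Reconstruct one account's activity in order (individual accountability)."""
    return [e["record"] for e in trail if e["record"]["user"] == user]


def build_sample_trail():
    """Constructed events; host and user names are made up."""
    trail = []
    append(trail, "alice", "logon", "w2k-srv01", "2004-04-27T09:00:00")
    append(trail, "bob", "su root", "sol8-db01", "2004-04-27T09:05:00")
    append(trail, "bob", "edit /etc/passwd", "sol8-db01", "2004-04-27T09:06:00")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    trail[2]["record"]["user"] = "alice"  # constructed tampering: change who did it
    print("first altered entry:", verify(trail))
```

The chain detects edited, reordered or removed entries in the middle of the trail, but not truncation of the tail, so the owner should also record the latest MAC or entry count somewhere separate.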
 
LVL 7

Expert Comment

by:shahrial
If you have time to read, get this good book:
Syngress SSCP (Systems Security Certification Practitioner) Study Guide and DVD Training System.
ISBN: 1-931836-80-9

It's a good book...alternatively, you may want to get the CISSP or the Security+ books.
It gives good insight into Auditing and a lot more... ;-)
0
 

Author Comment

by:cancer_66
Thanks a lot shahrial. Good info. I'll look into the links right away.

0
 

Author Comment

by:cancer_66
Hmm, excuse my ignorance guys, got a question I would really appreciate if someone helps me out with it.

How can I create a baseline? Let's say for Windows 2000?

What is a baseline first of all?
0
 
LVL 7

Expert Comment

by:shahrial
Use the Microsoft Baseline Security Analyzer V1.2
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Microsoft Baseline Security Analyzer (MBSA) 1.2 Q&A
http://www.microsoft.com/technet/security/tools/mbsaqa.mspx

Check out these:
Support WebCast: Vulnerability assessment and the Microsoft Baseline Security Analyzer
http://support.microsoft.com/default.aspx?kbid=839267

Download the additional resource. This is a Microsoft PowerPoint (.ppt) file
http://download.microsoft.com/download/0/C/9/0C96C18C-D4AE-44DA-ADF8-684E21915591/wcd030504.exe

Supplemental reading: Scripting with the Microsoft Baseline Security Analyzer V1.2
http://www.microsoft.com/technet/security/tools/mbsascript.mspx

Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
http://downloads.securityfocus.com/library/SP800-27-RevA-Draft.pdf

These will give you the tools, detailed instructions and general info on auditing.
Should be able to help you...;-)
0
 
LVL 7

Accepted Solution

by:
shahrial earned 250 total points
Dear cancer_66,
Should you have further questions, please ask a new question.
I believe I had answered your current question... ;-)
0
 

Author Comment

by:cancer_66
Yes sir:)

You'll get your points! Thanks a lot.

Expect more questions from me! =)
0
 
LVL 7

Expert Comment

by:shahrial
Thanks...no problem...if I can assist, I will...;-)
0
