05_Protection of Info.Assets_Part-2 (Auditing Info.security Mgt…
05_Protection of Info.Assets_Part-2
Auditing Network Infra.security
Auditing Remote access
Auditing Internet Points of Presence
E-mail
Marketing
Sales channel/E-commerce
Channel of delivery of goods
Information gathering
Network Penetration Tests
Types
External testing
Internal testing
Blind testing
Double Blind testing
Targeted testing
Auditing Info.security Mgt.framework
Info.secu.Mgt framework
Reviewing written policies, procedures & standards
Formal security awareness & training
Data ownership
Data owners
Data custodians
Security administrators
New IT users
Data users
Documented Authorisations
Terminated employee access
Security baselines
Access standards
Logical access
Familiarisation with IT environment
Documenting the Access paths
PC
Servers
Telecommunications software
Transaction processing software
Application software
DBMS
Access control software
Interviewing systems personnel
Reviewing reports from Access control software
Reviewing applications systems
Operation Manual
Techniques for testing security
Investigation techniques
Computer forensics
Chain of custody
Who had access?
Procedure followed in working with evidence
Proving that analysis is based on copies
Chain of events
Identify
Preserve
Analyse
Present
Key elements
Imaging
Data protection
Data acquisition
Extraction
Interrogation
Ingestion / normalisation
Reporting
Environmental exposures & controls
Environmental exposures
Power failures
Brown-out (severely reduced voltage)
Sags, spikes & surges
Electro-magnetic Interference (EMI)
Black-out (total failure)
Lightning storms
Earthquakes
Hurricanes
Volcanic eruptions
Controls
Alarm control panels
Hand-held Fire Extinguishers
Smoke detectors
Fire suppression systems
Methods
Total flooding principle
Local application principle
Medium
Water based
Sprinkler system
Dry pipe
Halon systems
FM-200
Argonite
CO2 systems
Strategically locating computer room
Regular inspection by fire dept.
Fire-proof walls, floors & ceilings of computer room
Electrical Surge protectors
UPS/generators
Emergency Power off Switch
Getting Power from Two sub-stations
Restricting activities inside facilities
Fire-resistant Office material
Auditing Environmental controls
Physical access - issues & controls
Exposures
Controls
Bolting door locks
Combination door locks
Electronic door locks
Biometric door locks
Logging of visitors
Manual
Electronic
Identification badges
CCTV cameras
Security guards
Controlled visitor access
Deadman doors
Computer workstation locks
Controlled single entry point
Secured document distribution cart
Computer room - not visible from outside
Auditing Physical access
Mobile computing
Peer to Peer computing
Instant messaging (IM)
Cloud computing
Data Leakage prevention (DLP)
States of data
Data in motion
Data in use (endpoint)
Data at rest
Risks of DLP
Improperly tuned network DLP modules
Excessive reporting & false positives
Encryption
Graphics
DLP cannot interpret graphic files
End user computing (EUC)