Security Information Management Firewall Management, Intrusion Detection,

and Intrusion Prevention

Intrusion Detection BustersKatherine Jackowski

Elizabeth Kearney-LangDaureen Lingley-Chor

Selected Topics:

• The two areas of interest our team chose are: • Firewall Management and Intrusion Detection,

Intrusion Prevention• Security Information Management– complement each other well– focusing on the safeguarding of company assets

Control Objectives

• Security Information Management:• To control access to the Information Systems

to prevent unauthorized use and to restrict authorized use.

• To ensure proper controls are in place to ensure data and system availability in order for the Information Systems to fully support the organization’s objectives.

Control Objectives

• Firewall Management and Intrusion Detection, Intrusion Prevention

• To ensure preventative, detective, and corrective measures are in place and working as intended to protect the Information System from intrusion.

• To ensure proper controls are in place to safeguard assets and prevent, detect and mitigate fraudulent activity.

Research

• Our research began with• An Introduction to Computer Security: The NIST

Handbook • National Institute of Standards and Technology

Special Publications:– SP 800-41 Revision 1 entitled Guidelines on Firewalls and

Firewall Policy, – SP 800-61 Revision 1 entitled Computer Security Incident

Handling Guide, – SP 800-94 entitled Guide to Intrusion Detection and

Prevention Systems.

Research

• Collaboration: wikispaces• Warious vendor website• White Papers

Control for Firewall Management, Intrusion Detection & Prevention

• Implement and enforce Back-up Procedure– Category: Procedure– Type: General, Secondary, Corrective– Control Benefit: Up-to-date back-up if needed– Adverse Impact: Unnecessary extended downtime

Control Evidence

• In Place: Written documentation of procedure, documentation readily available in hardcopy or online.

• In Effect: All data will be properly backed up, personnel responsible for back-up procedure will have knowledge of procedure and documentation of all back-ups that occur.

Audit Steps

• In Place: Review written documentation of procedure and search for online copy.

• In Effect: Test and verify the existence of back-up data stores. Interview employees to determine responsibilities and accountable party.

Control for Security Information Management

• Written Acceptable Use Policy with required signature of employee– Category: Legal– Type: General, Secondary, Preventative– Control Benefit: Ensures employee knowledge of

and responsibility to properly safeguard the system.– Adverse Impact: Lack of knowledge and

responsibility would create usage problems and security issues

Control Evidence

• In Place: Documented Policy, documents with employees’ signatures.

• In Effect: Understanding of policy by employees, file of signed policies will exist.

Audit Steps

• In Place: Review documentation of policy and check for signatures of all active employees.

• In Effect: Interview employees and review file of signed policies.

Image Polymers Company, LLCCovisia Solution, Inc.

• Test of controls

Best Practices for the AUP

• Explain employee rights and monitoring expectations

• Educate employees on legal issues• State the consequences of noncompliance• Ensure that all the employees are informed

about the AUP

Acceptable Use Policy

The System, including the email system and Internet connections, is the property of the Company. Each employee is responsible for the use of the System and for observing all laws. In the event that any employee is found to have improperly used the System, he or she is subject to disciplinary action, up to and including immediate dismissal.

Acceptable Use Policy

• The company may review the following at its discretion:

• History of sent and received email by employees• Contents of sent and received email by

employees• History of access to the WWW by employees• Contents viewed by employees• Time spent by employee on the www• Voicemail messages

Challenge

Audit Work Program

Questions?