essentially a measurement against a standard. The aim of audit is to protect the systems
within the audit scope.
Auditing is closely related to policies and procedures and to risk analysis. While
auditing is a measurement against a standard, assessment is generally a risk
analysis and an evaluation of how effective a policy is.
Audit is an essential process for the protection of information in the
information age. Audit should be performed periodically. Within these periods, systems
can be audited separately or along with the risk analysis process. Audit and risk analysis
processes help mature policies and procedures, which are imperative for the protection of
information in this age.
Like testing standards, there are also auditing standards that are used effectively for
systems. The most important of these standards is COBIT, which is a standard of ISACA.
COBIT attempts to provide an IT-oriented checklist for the overall control and
management of an enterprise. FISCAM is another set of auditing standards with a very
different goal. While COBIT focuses on best business practice and line of business
accountability, FISCAM is focused on IT management and auditing in connection with
financial auditing.
5.2 Monitoring and Logging the System
Continuous monitoring of network activity is required if a site is to maintain
confidence in the security of its network and data resources. Network monitors may be
installed at strategic locations to continuously collect and examine information that
may indicate suspicious activity. It is possible to have automatic notifications alert
system administrators when the monitor detects anomalous readings, such as a burst of
activity that may indicate a denial-of-service attempt. Such notifications may use a
variety of channels, including electronic mail and mobile paging. Sophisticated systems
capable of reacting to questionable network activity may be implemented to disconnect
and block suspect connections, limit or disable affected services, isolate affected systems,
and collect evidence for subsequent analysis.
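The paragraph above describes a monitor that raises an alert when it sees a burst of activity from one source. The following is an added example, not code from the original text: a small sliding-window burst detector run over constructed firewall-style log lines. The log format, the field names (src, dst, dport), the window length and the threshold are all assumptions chosen for the illustration; a real deployment would read its sensor's actual format and tune the threshold to observed baselines. Malformed lines are skipped rather than allowed to crash the monitor, and each source is alerted once per burst rather than once per packet, so the notification channel is not flooded.

```python
"""Sliding-window burst detector over connection-log lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample lines in an assumed firewall-log style; not from any real device.
# 198.51.100.9 opens six connections within two seconds, then one more much later.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ACCEPT src=10.0.0.5 dst=192.0.2.10 dport=443
2024-03-01T10:00:01 ACCEPT src=10.0.0.5 dst=192.0.2.10 dport=443
2024-03-01T10:00:01 ACCEPT src=10.0.0.7 dst=192.0.2.10 dport=80
this line is deliberately malformed and must be skipped
2024-03-01T10:00:02 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
2024-03-01T10:00:02 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
2024-03-01T10:00:02 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
2024-03-01T10:00:03 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
2024-03-01T10:00:03 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
2024-03-01T10:00:03 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
2024-03-01T10:00:20 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
"""

# Assumed line layout: "<ISO timestamp> <action> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(\S+) \S+ src=(\S+) dst=(\S+) dport=(\d+)")


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    return ts, m.group(2), m.group(3), int(m.group(4))


class BurstDetector:
    """Counts events per source inside a sliding time window."""

    def __init__(self, window_seconds=5, threshold=5):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = threshold
        self.events = defaultdict(deque)   # src -> timestamps within the window
        self.in_burst = set()              # sources already alerted for the current burst

    def observe(self, ts, src):
        """Record one event; return an alert string the first time a source crosses the threshold."""
        q = self.events[src]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            if src in self.in_burst:
                return None                    # already reported this burst
            self.in_burst.add(src)
            return (f"ALERT {ts.isoformat()} src={src} "
                    f"{len(q)} connections within {int(self.window.total_seconds())}s")
        self.in_burst.discard(src)             # activity subsided; re-arm for the next burst
        return None


def scan(log_text, window_seconds=5, threshold=5, notify=None):
    """Run the detector over log text; return the list of alerts, optionally sending each via notify()."""
    det = BurstDetector(window_seconds, threshold)
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue                            # malformed input is skipped, not fatal
        ts, src, _dst, _dport = parsed
        alert = det.observe(ts, src)
        if alert:
            alerts.append(alert)
            if notify is not None:
                notify(alert)                   # e.g. an e-mail or paging hook in a real monitor
    return alerts


if __name__ == "__main__":
    scan(SAMPLE_LOG, notify=print)
```

With the default window of 5 seconds and threshold of 5, only 198.51.100.9 is reported, once, and the late connection at 10:00:20 does not re-trigger it because the window has emptied. Lowering the threshold to 2 also reports 10.0.0.5, which shows why the threshold has to come from a measured baseline rather than a guess.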
Tools to scan, monitor, and eradicate viruses can identify and destroy malicious
programmes that may have inadvertently been transmitted into host systems. The damage
potential of viruses ranges from mere annoyance (e.g., an unexpected "Happy Holidays"
jingle without further effect) to the obliteration of critical data resources. To ensure
continued protection, the virus identification data on which such tools depend must be
kept up to date. Most virus tool vendors provide subscription services or other
distribution facilities to help customers keep up to date with the latest viral strains.
5.3 Incident Handling
Incident handling is the action or plan for dealing with intrusions. The best way to act
on an incident is by having well-documented procedures in place. Being able to rely on
solid documentation will help in minimizing the chance that a crucial step in the process
will be forgotten.
The five steps listed below can be used as a roadmap in incident handling:
- Preparation
- Identification
- Containment