3rd Part from Audits and Assessments Flashcards

1
Q

What are audits?

A

Audits can be performed by someone internal to the organization or by an external entity.

Audits are the evaluation of the effectiveness of organizational policies, procedures, processes and controls, and involve finding the gaps between these policies and procedures and industry standards.

For example, there can be an audit of access control systems. In this audit, the audit team will make sure access control policies are current (as compared to industry standards) and that they are being followed by the organization's employees.

Also note: for supervising the audit process, there is an Audit Committee, which consists of members of the board of directors.

1
Q

What are some of the benefits of performing audits?

A
  1. With audits, we can provide attestation that we are in compliance with industry regulations or applicable laws.
  2. We can find any gaps in policies, procedures and processes.
  3. Audits help us make sure that our current policies, standards and processes are still effective in protecting against threats.

Audits should be performed on a regular basis.

2
Q

Give some examples of audits.

A
  1. Privilege creep audits - employees tend to gain more privileges as they change job roles
  2. Account usage audits
  3. Access control audits
  4. Audits to check if the company is adhering to GDPR

Many more...

3
Q

What are assessments (internal and external)?

A

An assessment is the process of evaluating current organizational controls and information systems to make sure they are still effective in protecting against current threats, vulnerabilities and risks.

It can be performed by an internal team or by an external entity.

4
Q

When should an organization normally perform an assessment, and what are the different kinds of assessments?

A

When it is adding new systems to the organization,
or when current systems are undergoing changes.

Different assessments:

Risk assessment
Threat assessment
Vulnerability assessment

5
Q

What are some of the benefits of external third-party audits as compared to internal audits?

A

Third-party audits can help us provide validation of adherence or of facts (like financial status) to someone like the government or stakeholders.

  1. They also increase transparency.
  2. They also foster trust with customers and stakeholders.
6
Q

What is Penetration Testing?

A

It is a simulated cyber attack on information systems.

Types:

Physical pentesting
Offensive pentesting
Defensive pentesting
Integrated pentesting (involves both the red team and the blue team, who work in collaboration)

7
Q

What is Reconnaissance?

A

It is the process of collecting more information about a target using different sources to make our attack against that target more effective.

Types:

Active reconnaissance
Passive reconnaissance

Pentesting can be performed in the following environments:

  1. Known environment (white box)
  2. Partially known environment
  3. Unknown environment (black box)
8
Q

What are some of the benefits of defensive pentesting?

A
  1. It can help us improve our detection techniques.
  2. It can help us improve our incident response processes and find any gaps in them.
9
Q

What is attestation in security audits and assessments?

A

It is a process involving formal validation or confirmation, provided by an entity, that is used to assert the accuracy and authenticity of specific information.

It is used as proof of compliance.

Attestation can be:
Software attestation
Hardware attestation
System attestation

10
Q

What is one hacking tool that DION has recommended to learn?

A

Metasploit

It is a full framework.

11
Q

What is Cyber Resilience?

A

It is the capability of a system to continue operating even after an adverse incident has occurred.

12
Q

What is redundancy?

A

It refers to having multiple instances of something, like multiple web servers (with a primary server and a secondary server).

We can achieve redundancy by having redundant copies of the following:

  1. Power supplies
  2. Network connections
  3. Servers
  4. Software services
  5. Service providers (for example, by having multiple cloud providers)
13
Q

What is the concept of High Availability?

A

High availability refers to the process of decreasing the downtime of a system.

We can achieve high availability using:

  1. Load balancing
  2. Clustering
14
Q

What are the different RAID levels for data redundancy?

A

RAID (Redundant Array of Independent Disks)

RAID 0 - striping - requires a minimum of 2 disks

RAID 1 - mirroring - requires a minimum of 2 disks

RAID 5 - striping with parity - requires a minimum of 3 disks

RAID 6 - striping with double parity - requires a minimum of 4 disks

RAID 10 - requires a minimum of 4 disks

15
Q

What is capacity planning?

A

It is crucial strategic planning to meet future demands cost-effectively.

Four main things to consider for capacity:

  1. People - capacity planning teams consider the current skill set of employees and check whether they will need to hire more people for a new skill set, or increase the number of people in the current skill set.
  2. Technology - the capacity planning team checks whether current technology will be sufficient for future needs, or whether they will need to expand their technology infrastructure to meet them.
  3. Infrastructure - whether more physical space is needed.
  4. Process - whether new processes need to be implemented to meet future needs.
16
Q

For power redundancy, what are the different power redundancy techniques and what are the different power-related terms?

A
  1. Surges
  2. Spikes - a short transient voltage increase
  3. Sags
  4. Undervoltage events
  5. Full power loss events

Protection against the above:

UPS
Line conditioners
Generators
PDC (Power Distribution Centres)

17
Q

What are the different data backup options and best practices for data backup?

A

We can do on-site data backups or off-site backups (which protect against natural calamities at the primary location).

Data backups should be encrypted in transit and at rest.

We can also take snapshots as our data backups instead of taking a full backup of the data.
Snapshots are backups of the changes that have occurred to the organizational data since the previously backed-up data.

18
Q

How can we know how often an organization should do data backups?

A

We can answer this question by knowing how much data the organization is willing to lose if something catastrophic happens.

We also have to keep RPO (Recovery Point Objective) in mind.

19
Q

What are some key points of the data recovery process in data backups?

A

Organizations should have data recovery plans, and these plans can involve the following steps:

  1. Selection of backup
  2. Initiating the recovery process
  3. Data Validation
  4. Testing and validation
  5. Documentation and reporting
  6. Notification
20
Q

What is the concept of journaling in data backup processes?

A

It is the process of maintaining a meticulous record of every change made to an organization’s data over time.

21
Q

What are continuity of operations plans?

A

They include the BCP (Business Continuity Plan) and the DRP (Disaster Recovery Plan).

The BCP is normally for disruptive events,
and the DRP is for disasters.

The DRP is a subset of the BCP.

  • Senior leadership/management takes charge of BCP/DRP development.
  • A business continuity coordinator is appointed to lead the Business Continuity Committee.
  • The BC committee includes people from all/different departments.
22
Q

What are the different redundant site considerations?

A

Warm sites
Hot sites
Cold sites
Mobile sites (can be hot, cold or warm)
Virtual sites

23
Q

What is the concept of platform diversity in cyber resilience?

A

A vital aspect of redundant site design that uses different platforms to prevent a single point of failure in disaster recovery.
For example, having our primary infrastructure on one cloud provider and the secondary on another cloud provider.
