Auditing and Accountability

Question 1

Accountability

Answer 1

Trace all activities back to their sources, using identification, authentication, and authorization

Question 2

HIPAA

Answer 2

Health Insurance Portability and Accountability Act of 1996
Protects medical information

Question 3

Sarbanes-Oxley Act of 2002

Answer 3

Protects against corporate fraud

Question 4

Auditing

Answer 4

Process of reviewing an organization’s records or information
Ensures people comply with laws, policies, etc
Prevents attacks

Question 5

Nonrepudiation

Answer 5

Situation in which an individual is unable to successfully deny that he has made a statement or taken an action, generally because of sufficient evidence that he has done it

Question 6

Deterrence

Answer 6

People will think twice about misbehaving on your system if they know you are monitoring them and if you have communicated that there will be penalties for misbehavior
Achieved through auditing and monitoring processes

Question 7

Intrusion detection and prevention

Answer 7

Can occur in both physical and logical realms
Implement alerts based on unusual activity can help detect attacks
Automated tools used: intrusion detection systems (IDSs) and intrusion prevention systems (IPSs)

Question 8

Security benefits of accountability

Answer 8

Nonrepudiation
Deterrence
Intrusion detection and prevention
Admissibility of records

Question 9

Intrusion detection systems (IDSs)

Answer 9

Automated tool used strictly for monitoring and alerting

Question 10

Intrusion prevention systems (IPSs)

Answer 10

Works with information sent from IDS
Can actually take action based on situation

Question 11

Admissibility of records

Answer 11

Need unbroken chain of custody to submit records into legal settings

Question 12

What does your capacity to audit directly relate to?

Answer 12

Your ability to hold anyone accountable for anything.

Question 13

Factors commonly audited in information security

Answer 13

Passwords – allows to enforce policies on use and construction
Software licenses – legally acquired and current; Business Software Alliance
Internet usage – websites employees visit, instant messaging, email, file transfers; use proxy servers to funnel traffic through just a few gateways to filter it

Question 14

Logging

Answer 14

Gives you the history of the activities that have taken place in an environment

Question 15

Are logs usually generated manually or automatically?

Answer 15

Automatically

Question 16

Are logs reactive?

Answer 16

Yes. After the event has taken place.

Question 17

Do logs normally record everything?

Answer 17

No, usually only critical events

Question 18

Who can typically review logs?

Answer 18

Systems administrators

Question 19

How do you catch unusual items in logs?

Answer 19

Schedule regular reviews

Question 20

grep

Answer 20

UNIX and Linux tool for searching text. Can cut down time and assist when asked to review logs for compliance, incidents, investigations, etc.

Question 21

Monitoring

Answer 21

Subset of auditing
Observing information about an environment to discover undesirable conditions such as failures, resource shortages, and security issues; also trends that might signal the arrival of such conditions

Question 22

Is monitoring a reactive tool?

Answer 22

Yes. You can only see something after it has taken place.

Question 23

Clipping level

Answer 23

Unusual levels of unusual activity

Question 24

Assessments (auditing)

Answer 24

Tests that find and fix vulnerabilities before any attackers do
Two types of assessments: vulnerability assessments and penetration testing

Question 25

Are assessments in auditing a reactive tool?

Answer 25

No.

Question 26

Vulnerability assessments

Answer 26

Use vulnerability scanning tools such as Qualys to locate weaknesses in an environment
Uses database of vulnerability of information to spot weaknesses
New or uncommon attack might escape their notice

Question 27

Penetration testing

Answer 27

Mimic the technique an actual attacker would use to breach the system