Chapter 4 - Auditing and Accountability Flashcards
What does accountability provide us with?
The means to trace activities in our environment back to their source.
It provides us with a number of capabilities, when properly implemented, which can be of great use in conducting the daily business of security and information technology in our organizations.
What do we need to ensure we have accountability?
We need certain other tools to be in place and working properly.
What does accountability rely on?
Accountability depends on identification, authentication, and access control being present so that we can know who a given transaction is associated with, and what permissions were used to allow them to carry it out.
How can we ensure that identification, authentication and access control are helping accountability?
Given proper monitoring and logging, we can often do exactly this and determine, in very short order, the details of the situation in question.
What are the security benefits of accountability?
Implementing accountability often brings with it a number of useful features from a security perspective. When we implement monitoring and logging on our systems and networks, we can use this information to maintain a higher security posture than we would be able to do otherwise.
Describe the additional benefits of using tools that deliver accountability.
nonrepudiation
deter those that would misuse our resources
help us in detecting and preventing intrusions
assist us in preparing materials for legal proceedings
What is nonrepudiation?
Nonrepudiation refers to a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action.
How do we accomplish nonrepudiation?
In information security settings, this can be accomplished in a variety of ways.
We may be able to produce proof of the activity directly from system or network logs, or recover such proof through the use of digital forensic examination of the system or devices involved. We may also be able to establish nonrepudiation through the use of encryption technologies, more specifically through the use of hash functions that can be used to digitally sign a communication or a file.
Describe deterrence
Accountability can also prove to be a great deterrent against misbehavior in our environments. If those we monitor are aware of this fact, and it has been communicated to them that there will be penalties for acting against the rules, these individuals may think twice before straying outside the lines.
Describe intrusion detection and prevention
One of the motivations behind logging and monitoring in our environments is to detect and prevent intrusions in both the logical and physical sense. If we implement alerts based on unusual activities in our environments and check the information we have logged on a regular basis, we stand a much better chance of detecting attacks that are in progress and preventing those for which we can see the precursors.
Describe Admissibility of Records
When seeking to submit documents in a legal setting, it is much easier to have them accepted when they are produced from a consistent tracking system.
How do we accomplish accountability?
We can attempt to ensure accountability by laying out the rules and ensuring that they are being followed.
Describe auditing
Auditing is one of the primary ways we can ensure accountability through technical means.
Keeping track of who did what, and when, is auditing.
What does auditing provide us with?
The data with which we can implement accountability.
What do we audit?
When we perform an audit there are a number of items we can examine, primarily focused on compliance with relevant laws and policies.
Passwords
Software Licensing
Internet usage