Logging user events Flashcards
What is considered a security event?
Every activity on a system, from logging in to sending an email
Why should all these events be logged?
To monitor behaviour, especially user behaviour, in a system
How do organisations monitor logs?
Organisations examine the electronic audit logs of systems that hold confidential information for signs of unauthorised activity
What happens if unauthorised activities or attempts are found?
The relevant log data can be moved to a controlled database for further investigation and any necessary action
Under what condition can security event logging and monitoring work?
Only when it is part of an effective data collection and analysis process
What do security logs contain?
A mass of data, to the point where it is near impossible for a human to effectively identify threats within it
What is the key to effective security logging and monitoring?
The ability to filter out unnecessary information and focus solely on critical events that could compromise the integrity and/or availability of confidential information
Critical Events (Reconnaissance against systems)
Adversaries perform research on computing environments that could be their next target (for example, port scans, DNS enumeration or probing of exposed services)
Critical Events (Weaponisation)
Having decided to take action against a network or IT system, adversaries prepare the intrusion by pairing an exploit with a malicious payload (for example, a document with an embedded exploit or a trojanised installer)
Critical Events (Delivery)
The transmission of the weaponised payload to the target (for example, by phishing email, malicious website or removable media), followed by the exploit being triggered against a vulnerability within a network or IT system
Critical Events (Installation of malware)
Observed when an adversary has installed malware or modified the native functionality of a network or IT system to maintain persistence (for example, a new service, scheduled task or startup entry)
Critical Events (Command and control)
When the installed malware establishes a channel back to adversary-controlled infrastructure so that the attackers can remotely issue commands and effectively take control of the computing environment
Critical Events (Actions on objectives)
Determining what the adversary does and maintaining visibility of them at all times is critical; it is vital to understand their desired goal (data theft, destruction, lateral movement) and prevent the intrusion from succeeding
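An added example, not part of the original flashcards, of the filtering idea above (keep only critical events, discard the noise) applied to the critical-event stages just listed: a small Python script runs four rule-based detections over a handful of constructed, syslog-like log lines and keeps only the events that map to a kill-chain stage. The log format, the field names (src, dst, dport, attachment), the thresholds and the sample lines are all assumptions made for illustration, not from any real system.

```python
"""Filter constructed log lines down to critical events tagged with a kill-chain stage."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (assumed format, not from a real system). Most lines are
# benign noise; four patterns correspond to kill-chain stages.
SAMPLE_LOGS = """\
2024-05-01T08:00:01 fw DENY src=203.0.113.9 dst=10.0.0.5 dport=21
2024-05-01T08:00:01 fw DENY src=203.0.113.9 dst=10.0.0.5 dport=22
2024-05-01T08:00:01 fw DENY src=203.0.113.9 dst=10.0.0.5 dport=23
2024-05-01T08:00:02 fw DENY src=203.0.113.9 dst=10.0.0.5 dport=80
2024-05-01T08:00:02 fw DENY src=203.0.113.9 dst=10.0.0.5 dport=443
2024-05-01T08:00:02 fw DENY src=203.0.113.9 dst=10.0.0.5 dport=445
2024-05-01T08:01:10 sshd Accepted password for alice from 10.0.0.12
2024-05-01T08:02:00 fw DENY src=10.0.0.12 dst=10.0.0.5 dport=3389
2024-05-01T08:30:00 mail Delivered message to bob attachment=agenda.pdf
2024-05-01T09:00:00 mail Delivered message to bob attachment=invoice.docm
2024-05-01T09:03:00 systemd Created service unit /etc/systemd/system/updater.service
2024-05-01T09:04:00 fw ALLOW src=10.0.0.7 dst=198.51.100.4 dport=443
2024-05-01T09:04:30 fw ALLOW src=10.0.0.12 dst=198.51.100.77 dport=443
2024-05-01T09:05:00 fw ALLOW src=10.0.0.7 dst=198.51.100.4 dport=443
2024-05-01T09:06:00 fw ALLOW src=10.0.0.7 dst=198.51.100.4 dport=443
2024-05-01T09:07:00 fw ALLOW src=10.0.0.7 dst=198.51.100.4 dport=443
2024-05-01T09:12:00 fw ALLOW src=10.0.0.12 dst=198.51.100.77 dport=443
2024-05-01T10:00:00 sshd Accepted publickey for carol from 10.0.0.13
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
STAGE_ORDER = ["Reconnaissance", "Weaponisation", "Delivery", "Exploitation",
               "Installation", "Command and control", "Actions on objectives"]

def parse(text):
    """Turn each line into a dict with timestamp, source and any key=value fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"ts": datetime.fromisoformat(m["ts"]), "source": m["source"], "msg": m["msg"]}
        ev.update(KV_RE.findall(m["msg"]))
        events.append(ev)
    return events

def detect_port_scans(events, min_ports=5, window_s=60):
    """Reconnaissance: one source denied on many distinct ports within a short window."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["source"] == "fw" and ev["msg"].startswith("DENY"):
            by_src[ev["src"]].append(ev)
    hits = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        ports = {e["dport"] for e in evs}
        if len(ports) >= min_ports and span <= window_s:
            hits.append({"stage": "Reconnaissance", "who": src,
                         "detail": f"{len(ports)} ports probed in {span:.0f}s"})
    return hits

def detect_macro_attachments(events, exts=(".docm", ".xlsm", ".pptm")):
    """Delivery: macro-enabled Office attachment reached a mailbox."""
    return [{"stage": "Delivery", "who": ev["attachment"], "detail": "macro-enabled attachment delivered"}
            for ev in events
            if ev["source"] == "mail" and ev.get("attachment", "").lower().endswith(exts)]

def detect_new_services(events):
    """Installation: new unit under /etc/systemd/system (heuristic: package-managed units live elsewhere)."""
    hits = []
    for ev in events:
        if ev["source"] == "systemd" and ev["msg"].startswith("Created service unit "):
            path = ev["msg"].split()[-1]
            if path.startswith("/etc/systemd/system/"):
                hits.append({"stage": "Installation", "who": path,
                             "detail": "new persistent service outside package-managed paths"})
    return hits

def detect_beacons(events, min_hits=4, jitter_s=5):
    """Command and control: repeated outbound connections to one endpoint at a near-constant interval."""
    flows = defaultdict(list)
    for ev in events:
        if ev["source"] == "fw" and ev["msg"].startswith("ALLOW"):
            flows[(ev["src"], ev["dst"], ev["dport"])].append(ev["ts"])
    hits = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter_s:
            hits.append({"stage": "Command and control", "who": f"{src} -> {dst}:{dport}",
                         "detail": f"{len(times)} connections every ~{sum(gaps) / len(gaps):.0f}s"})
    return hits

def critical_events(text):
    """Run every detection and return only the hits, ordered by kill-chain stage."""
    events = parse(text)
    hits = (detect_port_scans(events) + detect_macro_attachments(events)
            + detect_new_services(events) + detect_beacons(events))
    hits.sort(key=lambda h: STAGE_ORDER.index(h["stage"]))
    return hits

if __name__ == "__main__":
    hits = critical_events(SAMPLE_LOGS)
    print(f"{len(parse(SAMPLE_LOGS))} log lines -> {len(hits)} critical events")
    for h in hits:
        print(f"[{h['stage']}] {h['who']}: {h['detail']}")
```

Eighteen lines go in and four come out, one per stage the rules cover; the successful logins, the single denied connection from an internal host, the PDF attachment and the two irregular outbound connections are all dropped as noise. In practice the thresholds (ports per window, beacon interval tolerance) are tuned per environment, and the stages with no rule here (weaponisation, exploitation, actions on objectives) need telemetry that a firewall and mail log alone do not provide.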