Following an authorized person through a door

Info icon This preview shows pages 5–7. Sign up to view the full content.

View Full Document Right Arrow Icon
following an authorized person through a door Monitoring and Auditing Monitoring – problem identification and resolution Monitor for: n Illegal Software Installation n Hardware Faults n Error States n Operational Events Penetration Testing – Testing a networks defenses by using the same techniques as external intruders n Scanning and Probing – port scanners n Demon Dialing – war dialing for modems n Sniffing – capture data packets n Dumpster Diving – searching paper disposal areas n Social Engineering – most common, get information by asking Violation Analysis n Clipping levels must be established to be effective n Clipping Level – baseline of normal activity, used to ignore normal user errors n Profile Based Anomaly Detection n Looking for: n Repetitive Mistakes n Individuals who exceed authority n Too many people with unrestricted access n Patterns indication serious intrusion attempts Auditing IT Auditors Audit: n Backup Controls n System and Transaction Controls n Data Library Controls n Systems Development Standards n Data Center Security n Contingency Plans Audit Trails n Enables tracking of history of modifications, deletions, additions. n Allow for accountability n Audit logs should record: n Transaction time and date n Who processed transaction n Which terminal was used n Various security events relating to transaction Also should look at: n Amendment to production jobs n Production job reruns n Computer Operator practices Other issues with audit logs: Retention and Protection of audit media and reports Protection against alteration Problem Management
Image of page 5

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Goals of problem management: n Reduce failures to a manageable level n Prevent occurrence of a problem n Mitigate the impact of problems Potential Problems: n Performance and availability of computing resources n The system and networking infrastructure n Procedures and transactions n Safety and security of personnel Abnormal Events - that can be discovered by an audit n Degraded resource availability n Deviations from the standard transaction procedures n Unexplained occurrences in a processing chain Objective of problem management is resolution of the problem Threats and Vulnerabilities Threat - if realized can cause damage to a system or create a loss of C.I.A. Vulnerability – a weakness in a system that can be exploited by a threat Threats: Accidental loss Operator input error and omissions - manual input errors Transaction processing errors – programming errors Inappropriate Activities: n Can be grounds for job action or dismissal n Inappropriate content – storing inappropriate content like porn n Waste of Corporate Resources – personal use of hardware and software n Sexual or Racial Harassment – Using e-mail or other resources to distribute inappropriate material n Abuse of privileges or rights – using unauthorized access levels to violate confidentiality of company data Illegal Computer Operations n Eavesdropping – sniffing, dumpster diving, social engineering n
Image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern