You're reading from CISA – Certified Information Systems Auditor Study Guide - Second Edition

Product type: Book
Published in: Jun 2023
Publisher: Packt
ISBN-13: 9781803248158
Edition: 2nd Edition

Author

Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.

Security Event Management

Security assessment is the process of identifying, implementing, and managing various security tools and techniques. This chapter will help you evaluate the organization’s information security policies and practices and determine the risks associated with the Information Systems (IS) by understanding different attack methods and techniques.

The following topics will be covered in this chapter:

  • Security awareness training and programs
  • Information system attack methods and techniques
  • Security testing tools and techniques
  • Security monitoring tools and techniques
  • Incident response management
  • Evidence collection and forensics

Security Awareness Training and Programs

Automated controls alone cannot prevent or detect security incidents. Knowledge, experience, and awareness on the part of employees play a key role in mitigating information security risks. Security awareness programs are crucial in IT risk management.

Employees should be educated about various aspects of security events to minimize their impact. Security awareness programs should include the dos and don’ts regarding password frameworks, email usage, internet usage, social engineering, and other relevant factors.

Participants

Security awareness training should be provided to all employees and contractual staff irrespective of their job functions, designations, or authority. All employees within the organization should be aware of security requirements.

For job functions where critical data is processed or critical assets are handled, enhanced training should be provided. OS configuration, programmers, network engineers, job...

Information System Attack Methods and Techniques

An IS auditor should be aware of the following methods and techniques in relation to IS attacks:

  • Alteration attack: In this type of attack, the data or code is altered or modified without authorization. Cryptographic code is used to prevent alteration attacks.
  • Botnets: Botnets are compromised computers and are also known as zombie computers. They are primarily used to run malicious software for DDoS attacks, adware, or spam.
  • Buffer overflow: A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit in order to gain access to the system. This error occurs when more data is written to a buffer than it can hold, causing the excess data to overflow into adjacent storage. This gives an attacker an opportunity to exploit the coding error for malicious purposes. A major cause of buffer overflows is poor programming and coding practices.
  • Denial-of-Service attack (DoS): A DoS...

Security Testing Tools and Techniques

An auditor should be aware of various security testing tools and techniques to determine the security environment of the organization. To evaluate the security risks and controls, an auditor should be well versed in auditing techniques.

General Security Controls

An IS auditor can adopt the following testing techniques for security controls.

Terminal Controls

The following are some important aspects of terminal controls:

  • An auditor should obtain access cards and keys and attempt to enter a restricted area. This will ensure that access controls are effective and operational.
  • An auditor should determine whether the terminal list has been updated and reconciled with addresses and locations. The IS auditor should select a few terminals and try to locate them in the network diagram.
  • An auditor should verify whether any unsuccessful attempts to access the terminals are monitored at regular intervals and whether appropriate...

Security Monitoring Tools and Techniques

Monitoring security events is a very important aspect of information security. Two important monitoring tools are Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). IDSs only monitor, record, and provide alarms about intrusion activity, whereas IPSs also prevent intrusion activities.

Each of them is discussed in detail below.

IDS

An IDS monitors a network (a network-based IDS) or a single system (a host-based IDS) with the aim of recognizing and detecting an intrusion activity.

Network-Based and Host-Based IDSs

The following table differentiates between network-based and host-based IDSs:

Incident Response Management

An incident response management policy is very important in minimizing damage from an incident and in recovering the operations at the earliest possible juncture.

Roles and responsibilities for incident management should be clearly defined. The following are some of the important functions relating to incident management:

  • A coordinator should liaise with process owners
  • An executive officer should oversee the incident response capability
  • Security experts should investigate the incident
  • A public relations team should manage the reputation of both internal and external stakeholders

The incident reporting procedure should be clearly defined, documented, and made available to all employees and relevant stakeholders.

Teams of experts should be available to investigate the incident to arrive at the root cause for preventive action. To address incidents properly, it is necessary to collect evidence as soon as possible after the...

Evidence Collection and Forensics

Digital evidence can be used in legal proceedings provided it has been preserved in its original state. Evidence loses its integrity if the chain of custody is not maintained. The chain of custody refers to the process of identifying, preserving, analyzing, and presenting evidence in such a manner that it demonstrates the reliability and integrity of the evidence.

Chain of Custody

The following are some of the major considerations when demonstrating the chain of custody:

Identify

This refers to the practice of the identification of evidence. This process should not impact the evidence’s integrity. Evidence should not be altered or modified in any way.

Preserve

This refers to the process of preserving evidence, such as the imaging of original media. This process should be followed in the presence of an independent third party. The process of preserving evidence should be documented for further reference.
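The preservation step above comes down to two controls: a cryptographic hash of the forensic image taken at acquisition, and a documented, append-only record of every hand-off that re-checks that hash. The following is an added illustration of such a record (example code, not from the book); the evidence bytes, case ID and custodian names are constructed placeholders.

```python
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for a forensic image of the original media (not real data).
EVIDENCE_IMAGE = b"CONSTRUCTED-IMAGE: boot sector | user files | logs"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the evidence bytes; any alteration changes this value."""
    return hashlib.sha256(data).hexdigest()


class ChainOfCustody:
    """Append-only log of who held the evidence, when, and its hash at that point."""

    def __init__(self, case_id: str, evidence: bytes, custodian: str, witness: str):
        self.case_id = case_id
        self.original_hash = sha256_hex(evidence)  # baseline taken at acquisition
        self.entries: list[dict] = []
        self.record("forensic image acquired", evidence, custodian, witness)

    def record(self, action: str, evidence: bytes, custodian: str, witness: str = "") -> dict:
        """Log a hand-off and re-hash the copy being handed over; entries are never edited."""
        current = sha256_hex(evidence)
        entry = {
            "seq": len(self.entries) + 1,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "custodian": custodian,
            "witness": witness,
            "sha256": current,
            "matches_original": current == self.original_hash,
        }
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> bool:
        """True only if the current copy and every logged hand-off match the acquisition hash."""
        return sha256_hex(evidence) == self.original_hash and all(
            e["matches_original"] for e in self.entries
        )


def build_demo_chain() -> ChainOfCustody:
    """Three hand-offs of an unaltered image (constructed scenario)."""
    chain = ChainOfCustody("CASE-PLACEHOLDER-001", EVIDENCE_IMAGE,
                           custodian="analyst A", witness="independent third party")
    chain.record("transferred to evidence locker", EVIDENCE_IMAGE, "evidence custodian", "analyst A")
    chain.record("working copy checked out for analysis", EVIDENCE_IMAGE, "analyst B")
    return chain
```

A single altered byte in any later copy makes `matches_original` false for that entry, and `verify` then fails for the whole chain, which is exactly the integrity loss the text describes.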

Analyze

This refers...

Summary

This chapter discussed the various aspects of security awareness training and programs, security testing, and monitoring tools and techniques. You also learned how to evaluate incident management policies and practices, and we discussed how to evaluate evidence collection and the forensics process.

The following is a recap of the important topics taught in this chapter:

  • In a social engineering attack, an intruder attempts to obtain sensitive information from users through their social and psychological skills. They manipulate people into divulging confidential information such as passwords. This kind of attack can best be restricted and addressed by educating users through frequent security awareness training.
  • Digital evidence can be used in legal proceedings provided it has been preserved in its original state. Evidence loses its integrity if the chain of custody is not maintained.
  • The chain of custody refers to the process of identifying, preserving, analyzing...

Chapter Review Questions

Now that you have completed this chapter, it is recommended that you solve the practice questions from it. These chapter review questions have been carefully crafted to reinforce the knowledge you have gained throughout this chapter. By engaging with these questions, you will solidify your understanding of key topics, identify areas that require further study, and build your confidence before moving on to new concepts in the next chapter.

Note

A few of the questions may not be directly related to the topics in the chapter. They aim to test your general understanding of information systems concepts instead.

The following image shows an example of the practice questions interface.

Figure 12.6: CISA practice questions interface

Figure 12.4: CISA practice questions interface

To access the end-of-chapter questions from this chapter, follow these steps:

  1. Open your web browser and go to https://packt.link/v3Rqk. You will see the following screen:
...



Network-Based vs. Host-Based IDSs (table from the IDS section above)

Network-based IDS                              Host-based IDS
It monitors activities across the network      It monitors the activities of a single system or host
Comparatively, network-based...