Introduction
The security of any system is valued through an assessment of its level of risk. Security auditing is the process of establishing the overall security risk in an information system through risk analysis, which in turn supports the management of that risk (Raggad & Collar Jr, 2006). An organization should therefore carry out security audits regularly to validate its existing security controls and recommendations.
Monitoring, Intrusion Detection and Reporting Mechanisms
Security auditing is a continuous process that involves monitoring and reporting mechanisms. The monitoring process includes creating a set of performance indicators and benchmarks that can be continuously reviewed to ensure the security of a system. The benchmarks in the performance indicators play a significant role in maintaining security standards within an information system. Reporting, on the other hand, is recording any incident in the system so that further action and evaluation can follow (Appari & Johnson, 2010). Security incidents such as information hacks and security mechanism failures are to be reported every time. Reporting may be carried out through a telephone system, which can be automated as a two- or three-step reporting mechanism. Intrusion detection is the most crucial aspect of security auditing because it monitors the system for suspicious activity, which is then reported for further action (Kruegel, Valeur, & Vigna, 2004). Anomaly-based detection is one of the most effective intrusion detection methods; it is based on the assumption that any unusual activity in the information system should be considered malicious (Kruegel et al., 2004). Initially, a standard profile of the system is established, and any future activities that deviate from the set model are flagged as intrusive (Kruegel et al., 2004). Although this form of intrusion detection is effective, attacks that imitate the legitimate profile pose a significant threat to an information system that relies on it. Therefore, it is good to install more than one intrusion detection method in an information system so that no potential incident goes unnoticed. These three components (monitoring, reporting and intrusion detection) play a significant role in the overall auditing of a security system (Raggad & Collar Jr, 2006).
Information Collection Methods
The intrusion detection data needs to be collected and analyzed for immediate and future security auditing. Different data collection methods are integrated into the intrusion detection framework (Kruegel et al., 2004). The event boxes (E-boxes) in the intrusion detection system collect raw data from the network traffic or the operating system, which is then processed by the analysis boxes (A-boxes). The A-boxes analyze the events provided by the E-boxes, and the results are sent to the database boxes (D-boxes) for storage, which allows future reference and event auditing (Kruegel et al., 2004). Upon auditing, the response boxes (R-boxes) in the intrusion detection system carry response messages with directives on the actions that are to be taken to mitigate the detected intrusion (Kruegel et al., 2004). Typical responses to a security intrusion include resetting the network security, killing processes, and modifying the firewall to prevent future incidents.
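The two preceding sections describe a profile-based (anomaly) detector and the E-box, A-box, D-box, R-box arrangement in which its data flows. The following example, added here and not taken from the essay or from Kruegel et al., wires the two together on constructed audit lines: the E-box parses lines of the assumed form "<seconds> <host> <event>", the A-box learns a per-host baseline of failed logins per 60-second window from a training log and flags windows more than three standard deviations above the mean, the D-box retains every finding, and the R-box turns the stored alerts into directives of the kind the essay names. The host names, window size and three-sigma rule are all assumptions for the illustration. The live log deliberately contains a slow attacker whose rate stays inside the learned profile, which shows why the essay recommends more than one detection method.

```python
"""Anomaly-based intrusion detection laid out as E-box / A-box / D-box / R-box.
Added example, not code from the essay or from Kruegel et al.  The log format
"<seconds> <host> <event>", host names, 60-second window and three-sigma rule
are constructed for this illustration."""
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW = 60   # seconds per analysis bucket (constructed choice)
K_SIGMA = 3   # a bucket more than three standard deviations above the mean is flagged

# Constructed baseline: three minutes of ordinary activity used to learn the profile.
TRAINING_LOG = [
    "5 web01 login_fail", "20 web01 login_fail", "30 web01 login_ok",
    "70 web01 login_fail", "90 db01 login_fail",
    "125 web01 login_fail", "140 web01 login_fail", "150 web01 login_fail",
    "160 db01 login_ok",
]
# Constructed live traffic: a burst against web01, one malformed line, and a
# slow attacker on web01 whose rate stays inside the learned profile.
LIVE_LOG = [f"{t} web01 login_fail" for t in range(1, 10)] + [
    "15 db01 login_fail",
    "garbage line",
    "65 web01 login_fail", "80 web01 login_fail", "100 web01 login_fail",
]

@dataclass
class Event:
    ts: int
    host: str
    kind: str

@dataclass
class Finding:
    host: str
    window: int
    count: int
    threshold: float
    anomalous: bool

def e_box(lines):
    """E-box: turn raw audit lines into structured events, discarding malformed ones."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        events.append(Event(int(parts[0]), parts[1], parts[2]))
    return events

def build_profile(events):
    """Learn, per host, the mean and standard deviation of failed logins per window.
    Windows with no failures count as zero, so quiet periods lower the baseline."""
    if not events:
        return {}
    first = min(e.ts for e in events) // WINDOW
    last = max(e.ts for e in events) // WINDOW
    fails = Counter((e.host, e.ts // WINDOW) for e in events if e.kind == "login_fail")
    profile = {}
    for host in {e.host for e in events}:
        series = [fails[(host, w)] for w in range(first, last + 1)]
        profile[host] = (mean(series), pstdev(series))
    return profile

def a_box(events, profile):
    """A-box: compare each (host, window) failed-login count with the profile.
    A host with no baseline gets threshold 0, so any failure on it is flagged."""
    fails = Counter((e.host, e.ts // WINDOW) for e in events if e.kind == "login_fail")
    findings = []
    for (host, window), count in sorted(fails.items()):
        mu, sigma = profile.get(host, (0.0, 0.0))
        threshold = mu + K_SIGMA * sigma
        findings.append(Finding(host, window, count, threshold, count > threshold))
    return findings

class DBox:
    """D-box: keep every finding so that later audits can replay what was seen."""
    def __init__(self):
        self.records = []

    def store(self, findings):
        self.records.extend(findings)

    def alerts(self):
        return [f for f in self.records if f.anomalous]

def r_box(alerts):
    """R-box: turn stored alerts into directives.  The actions are the essay's
    examples; whether to apply them automatically is a separate policy decision."""
    return [{"host": a.host, "window": a.window,
             "directive": "review firewall rules and terminate suspicious sessions",
             "evidence": f"{a.count} failed logins vs threshold {a.threshold:.2f}"}
            for a in alerts]

def run_pipeline(training_lines, live_lines):
    """Wire the four boxes together and return (all findings, response directives)."""
    profile = build_profile(e_box(training_lines))
    store = DBox()
    store.store(a_box(e_box(live_lines), profile))
    return store.records, r_box(store.alerts())
```

Running `run_pipeline(TRAINING_LOG, LIVE_LOG)` yields three findings: the nine failures against web01 in the first window exceed its threshold of about 4.45 and produce one directive, while the single failure on db01 and the three spread-out failures on web01 in the second window sit inside their baselines and go unreported.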
Risk, Response and Recovery
Risks identified through system auditing and intrusion detection require response, management, and recovery. Risk management, like risk identification, is a continuous process. The following summary identifies different types of risk and the response and recovery approaches used in information security.
Risk Management
Risks in information technology systems vary, and all have a significant potential to cripple the overall operations of a system. Risks include hackers who illegally access computer systems and threaten information loss, or fraud through alteration of the information in the system (Sherer & Alter, 2004). Password theft, staff dishonesty and denial of service are also among the threats that an intrusion detection system should identify for further management response. Risk classification plays a significant role in overall risk management by ensuring that the risk components, factors, and probability are identified (Sherer & Alter, 2004). The risk components refer to the potential adverse outcomes posed by a threat, such as security, financial and functionality outcomes. Identifying the components of a risk helps in deciding on the appropriate response and recovery options.
Response to Risk
Upon the detection of an intrusion in the information system, an alert is generated, and after the risk has been assessed, a response mechanism should be put in place. An intrusion detection system may have a proactive ability to respond to a potential threat; otherwise a manual assessment is required to determine the most appropriate response (Kruegel et al., 2004). A proactive intrusion detection system with dynamic response capability can, upon detecting a risk, initiate automatic countermeasures such as changing the firewall settings, killing processes, shutting down the connection to the network or modifying file permissions. However, attackers can take advantage of automated countermeasures to cause a denial of service or damage the system (Kruegel et al., 2004). A good response system should have a dynamic intrusion detection tool that ensures real-time system protection. In this approach, the audit data is processed as it is produced, which ensures timely activity analysis and a proper response to any potential risk.
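The paragraph above notes that automated countermeasures can themselves be turned against the system. The example below, added here and not code from the essay or from Kruegel et al., shows the guard rails a responder would put around automatic firewall blocks: addresses in a protected network are never blocked without a person looking, the number of automatic blocks per time window is capped, and every automatic block expires. The alert format, the protected network, the limits and the source addresses (taken from the 203.0.113.0/24 documentation range) are constructed for the illustration, and the firewall is simulated with an in-memory dictionary so the code runs offline.

```python
"""Guard rails for automated countermeasures, so that an attacker cannot turn the
response mechanism itself into a denial of service.  Added example, not code from
the essay or from Kruegel et al.; alert format, protected network, limits and the
203.0.113.0/24 source addresses are constructed.  The firewall is simulated."""
import ipaddress
from dataclasses import dataclass

@dataclass
class Alert:
    ts: int        # seconds since the start of the scenario
    source: str    # address the detector attributes the activity to
    reason: str

@dataclass
class ResponsePolicy:
    protected: list        # networks that must never be blocked automatically
    max_auto_blocks: int   # automatic blocks allowed per window
    window: int            # seconds
    block_ttl: int         # seconds an automatic block stays in force

class Responder:
    def __init__(self, policy):
        self.policy = policy
        self.blocks = {}          # source -> expiry timestamp (simulated firewall)
        self.recent = []          # timestamps of automatic blocks in the window
        self.manual_queue = []    # (alert, reason) pairs handed to an operator

    def _protected(self, source):
        addr = ipaddress.ip_address(source)
        return any(addr in net for net in self.policy.protected)

    def _expire(self, now):
        """Automatic blocks are time-bounded; stale ones are lifted on the next alert."""
        for src in [s for s, exp in self.blocks.items() if exp <= now]:
            del self.blocks[src]
        self.recent = [t for t in self.recent if now - t < self.policy.window]

    def handle(self, alert):
        """Decide whether an alert is acted on automatically or routed to a person."""
        self._expire(alert.ts)
        if self._protected(alert.source):
            # A spoofed or mistaken alert naming a protected host would otherwise
            # let an attacker cut off infrastructure the organization depends on.
            self.manual_queue.append((alert, "protected address"))
            return "queued"
        if alert.source in self.blocks:
            return "already_blocked"
        if len(self.recent) >= self.policy.max_auto_blocks:
            # A flood of alerts cannot drive an unbounded number of blocks.
            self.manual_queue.append((alert, "rate limit reached"))
            return "queued"
        self.blocks[alert.source] = alert.ts + self.policy.block_ttl
        self.recent.append(alert.ts)
        return "blocked"

def run_demo():
    """Constructed scenario: genuine brute-force sources, one alert naming the
    internal DNS resolver, and a repeat offender after its block has expired."""
    policy = ResponsePolicy(
        protected=[ipaddress.ip_network("10.0.0.0/24")],
        max_auto_blocks=3, window=60, block_ttl=600)
    responder = Responder(policy)
    alerts = [
        Alert(0, "203.0.113.7", "login_fail burst"),
        Alert(1, "10.0.0.53", "login_fail burst"),      # internal resolver, protected
        Alert(2, "203.0.113.8", "login_fail burst"),
        Alert(3, "203.0.113.9", "login_fail burst"),
        Alert(4, "203.0.113.10", "login_fail burst"),   # fourth block in the window
        Alert(5, "203.0.113.7", "login_fail burst"),    # already blocked
        Alert(700, "203.0.113.7", "login_fail burst"),  # block expired, window reset
    ]
    outcomes = [responder.handle(a) for a in alerts]
    return responder, outcomes
```

In `run_demo()` the first three external sources are blocked automatically, the alert against the internal resolver and the fourth source within the window are queued for an operator, the repeat alert is recognised as already blocked, and the same source is blocked afresh once its earlier block has expired. The manual queue is where the defender gains: whatever an attacker feeds the detector, the damage the automation can do is bounded by the policy.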
Business Continuity and Recovery Planning
Having an effective intrusion detection system and a quick response to threats is not enough, because services may still be disrupted. Business continuity and recovery planning is therefore critical; it refers to measures that ensure the continuity of business activities within the shortest time possible. Once the security audit has been completed using stored data and potential outcomes, an organization can create a continuity plan. For instance, if the risk is service interference or denial, an organization can create a backup system such as cloud data storage, which ensures continuous data access when the primary system is compromised. Backup systems and alternative access points can help to provide continuous services once an incident is reported. Offsite data mirrored at two sites ensures quick recovery and prevents downtime, which could have significant negative implications (Badhel & Chole, 2014). Another essential recovery approach is to use vendors to manage the data security and applications used by an organization, so that the vendor can hold the data automatically if a threat is detected until the system is safe again.
References
Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare: Current state of research. International Journal of Internet and Enterprise Management, 6(4), 279-314. Retrieved from http://clearwatercompliance.com/wp-content/uploads/Information-security-and-privacy-in-healthcare_Current-State-of-Research.pdf
Badhel, S. P., & Chole, V. (2014). A review on data back-up techniques for cloud computing. International Journal of Computer Science and Mobile Computing, 3(12), 538-542. Retrieved from https://ijcsmc.com/docs/papers/December2014/V3I12201498.pdf
Kruegel, C., Valeur, F., & Vigna, G. (2004). Intrusion detection and correlation: challenges and solutions (Vol. 14). Springer Science & Business Media. Retrieved from http://www.springer.com/978-0-387-23398-7
Raggad, B. G., & Collar Jr, E. (2006). The simple information security audit process: SISAP. IJCSNS, 6(6), 189. Retrieved from https://pdfs.semanticscholar.org/f880/c371d94dd32f957af0594a048efb559d2e93.pdf
Sherer, S. A., & Alter, S. (2004). Information systems risks and risk factors: Are they mostly about information systems? The Communications of the Association for Information Systems, 14(1), 36. Retrieved from https://www.researchgate.net/publication/254703220_Information_Systems_Risks_and_Risk_Factors_Are_They_Mostly_About_Information_Systems
Cite this page
Essay Sample on Security Auditing Key Concepts and Methods. (2022, Nov 20). Retrieved from https://proessays.net/essays/essay-sample-on-security-auditing-key-concepts-and-methods