Auditing and Digital Forensics

Definitions from NIST

Digital Forensics: Application of computer science and investigative procedures involving the examination of digital evidence.

Example: More on Digital Forensics

Must follow proper search authority, chain of custody, validation with mathematics, use of validates tools, repeatability, reporting, expert testimony.

Incident Response: Mitigations of violations of security policies and recommended practises.

Security Policies: Set of criteria for the provision of security services.

Defines objectives and constraints of the security program at several levels.

Remember — Security policies should be normally stated so that everyone can understand what’s expected of them.

Risk Management

SIEM Systems

Stands for “Security Information and Event Management/Monitoring Systems”

Security software the compiler information about security information and events.

Alerts security analysis of threats and vulnerabilities.
Handles data from network, database, logs.
Used to streamline security management.

Examples:
Splunk
IBM Qradar
Microsoft Sentinel

IT Auditing

Evaluation of an organization’s information technology infrastructure.

Includes security, data use, and management.
Typically part of a company’s risk management

Interval v. External Audit Routines:
Internal: About once a year
External: Depends on the company (1 to 3 years is common)