
CYBER SECURITY UNIT-4

1. What is a Cyber Security Audit?

Cyber security is an integral part of risk management. A cyber security
audit is a review of the cyber security risks your organization faces, as
well as the policies, procedures, and controls your organization uses to
keep those risks at acceptable levels.
A cyber security audit is an opportunity to review your IT systems, find
weaknesses, and implement remediation measures to make your cyber
security stronger.
An audit examines cyber security processes, software, and hardware.
Audits assure that those things are implemented properly, or catalogue
the ways in which they aren’t.

2. Internal Audit Pros and Cons

Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organization's operations.
Pros:
a) Usually much less expensive
b) More control over the process
c) Can be tailored to your organization
Cons:
a) Personnel time costs
b) Might not be sufficient for regulatory or industry compliance
c) Possible learning curve, depending on your security staffing
d) Decisions might be affected by internal biases
e) Might not have the experience to determine the appropriate scope

3. External Audit Pros and Cons

An external audit is a financial review that is conducted by a party not
associated with the company or department that is voluntarily or
involuntarily under audit. An external audit takes place within a defined
set of rules or laws.
The pros and cons of an external audit are:
Pros:
a) Experienced professionals with formal training
b) Unbiased
c) May be more efficient
d) Can assure compliance with regulatory and industry standards
Cons:
a) Might take longer
b) Expense might be too much for smaller organizations
c) More complex to coordinate with external auditors

Risk score = (Probability + Impact + Capabilities) / 3

4. What are the Phases and Subjects of an Audit?

Phases of the Audit
1. Prepare
● All necessary stakeholders are involved.
● Scope is clearly defined.
● Possible business disruptions caused by the audit have been
identified.
● Auditors are sufficiently trained and equipped.
2. Conduct
● All threats are identified.
● Measure against standards specific to the technology in use.
● Measure against standards specific to your industry.
● Know all pertinent compliance requirements.
3. Respond
● Plan next steps based on audit findings.
● Actions are specific to each threat.

Subjects of the Audit
Each of the following subjects can be broken down into an even more
detailed audit checklist, but every audit should cover the following:
● Management
● Employees
● Business practices
● IT staff
● Physical security
● Secure data
● Active monitoring and testing

5. What is Computer Forensics?

Computer forensics, also referred to as computer forensic analysis,
electronic discovery, electronic evidence discovery, digital discovery,
data recovery, data discovery, computer analysis, and computer
examination, is the process of methodically examining computer media
(hard disks, diskettes, tapes, etc.) for evidence. A thorough analysis by
a skilled examiner can result in the reconstruction of the activities of
a computer user.

6. Role of a Forensics Investigator

A cyber forensic investigator retrieves and makes sense of the
information contained on computer systems, storage devices, and in
electronic documents and files. The devices may have been erased,
damaged, compromised, or corrupted by unauthorized access or
malicious software.
Tasks a forensics investigator may perform are:
● Retrieve data from virtual and physical devices
● Collect and analyse network intrusion artifacts and evidence of
malicious network activity
● Reconstruct the series of events leading to a compromise or breach
● Collect, process, analyse, and preserve digital evidence in criminal
cases
● Extract and analyse metadata
● Collaborate with law enforcement, as well as legal, compliance, and
HR teams
● Ensure the chain of custody of digital evidence
● Write technical reports to document case findings
● Identify potential threats and provide recommendations for better
security
● Provide testimony in depositions, trials, and other legal proceedings

7. Forensics Investigation Process

Cyber forensics is a field that follows certain procedures to find the
evidence needed to reach conclusions after proper investigation of a
matter. The investigation process consists of the following steps:

Identification: The first step for cyber forensics experts is to identify
what evidence is present, where it is stored, and in which format it is
stored.

Preservation: After identifying the data, the next step is to safely
preserve it and not allow other people to use the device, so that no one
can tamper with the data.

Analysis: After getting the data, the next step is to analyse the data or
system. Here the expert recovers deleted files, verifies the recovered
data, and finds the evidence that the criminal tried to erase by deleting
secret files. This process might take several iterations to reach the
final conclusion.

Documentation: After analysing the data, a record is created. This record
contains all the recovered and available (not deleted) data, which helps
in recreating the crime scene and reviewing it.

Presentation: This is the final step, in which the analysed data is
presented before the court to solve the case.
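As an added illustration of the preservation step above and of the chain of custody listed among the investigator's tasks (example code written for these notes, not part of the original), the Python routine below hashes an acquired evidence file, logs each handover together with that hash, and detects any later modification; the file, its contents and the handler names are constructed placeholders.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path, algo="sha256", chunk=1 << 20):
    # Stream the file in chunks so a large disk image never has to fit in memory.
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def record_custody(log, path, handler, action):
    # Append one chain-of-custody entry; the hash taken at each handover is the tamper check.
    entry = {"time": datetime.now(timezone.utc).isoformat(), "item": os.path.basename(path),
             "handler": handler, "action": action, "sha256": hash_file(path)}
    log.append(entry)
    return entry


def verify_integrity(log, path):
    # The file must still match the hash recorded when it was first acquired.
    return hash_file(path) == log[0]["sha256"]


def demo():
    # Constructed evidence file in a temporary directory; contents and names are placeholders.
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.img")
        with open(img, "wb") as f:
            f.write(b"disk image bytes (constructed sample)")
        log = []
        record_custody(log, img, "examiner-1", "acquired from seized device")
        record_custody(log, img, "examiner-2", "received for analysis")
        unchanged_at_handover = log[0]["sha256"] == log[1]["sha256"]
        intact_before = verify_integrity(log, img)
        with open(img, "ab") as f:  # simulate an unauthorised modification after handover
            f.write(b"!")
        intact_after = verify_integrity(log, img)
        return unchanged_at_handover, intact_before, intact_after


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```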

8. Collecting Network-based Evidence

Sources of network forensic evidence:
i. Sources of evidence.
ii. Application and OS logs.
iii. Intrusion Detection System/Intrusion Prevention System
(IDS/IPS) alerts.
iv. Router, firewall and proxy logs.
v. Captured network traffic.

9. Writing Computer Forensics Reports

10. Explain in detail the forensic analysis of E-mail.

Email forensics is the study of the source and content of email as
evidence to identify the actual sender and recipient of a message, along
with other information such as the date/time of transmission and the
intention of the sender. It involves investigating metadata, port
scanning, as well as keyword searching.
Some of the common techniques which can be used for email forensic
investigation are:
● Header Analysis
● Server investigation
● Network Device Investigation
● Sender Mailer Fingerprints
● Software Embedded Identifiers
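The header-analysis and mailer-fingerprint techniques listed above, shown as an added Python example for these notes (not code from the original): it parses a constructed message, rebuilds the relay path from the Received headers, pulls out the origin IP, the Message-ID domain and the X-Mailer identifier, and checks the Date header against the first relay's timestamp. All hosts, addresses and IPs in the sample are documentation placeholders.

```python
import re
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime

# Constructed sample message: hosts, addresses and IPs are documentation placeholders.
RAW_MESSAGE = b"""Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby inbox.example.net with ESMTP id ABC123;
\tMon, 1 Jan 2024 10:02:00 +0000
Received: from sender-pc.example.org (unknown [198.51.100.7])
\tby mx.example.org with ESMTPA id XYZ789;
\tMon, 1 Jan 2024 10:01:30 +0000
Message-ID: <20240101100130.1234@sender-pc.example.org>
Date: Mon, 1 Jan 2024 10:01:00 +0000
From: Alice <alice@example.org>
X-Mailer: ExampleMailer 1.0

Please find the report attached.
"""

RECEIVED_RE = re.compile(r"from\s+(?P<src>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<dst>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    # One Received: line -> hop record (source host, its IP, the relay that logged it, time).
    text = " ".join(str(value).split())  # unfold continuation lines, normalise whitespace
    m = RECEIVED_RE.search(text)
    ip = IP_RE.search(m.group("info") or "") if m else None
    stamp = text.rsplit(";", 1)[1].strip() if ";" in text else None
    return {"src": m.group("src") if m else None, "ip": ip.group(1) if ip else None,
            "dst": m.group("dst") if m else None,
            "time": parsedate_to_datetime(stamp) if stamp else None}

def analyse_headers(raw):
    # Reconstruct the relay path and pull out the sender fingerprints.
    msg = message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its own Received: line, so the last one listed is the origin hop.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    path = [hops[0]["src"]] + [h["dst"] for h in hops] if hops else []
    date = parsedate_to_datetime(str(msg["Date"])) if msg["Date"] else None
    first = hops[0]["time"] if hops else None
    mid = str(msg["Message-ID"]) if msg["Message-ID"] else ""
    return {
        "path": path,
        "origin_ip": hops[0]["ip"] if hops else None,
        "message_id_domain": mid.strip("<>").rpartition("@")[2] or None,
        "x_mailer": str(msg["X-Mailer"]) if msg["X-Mailer"] else None,
        # A large or negative gap between Date: and the first relay stamp hints at forged headers.
        "date_skew_seconds": (first - date).total_seconds() if first and date else None,
    }
```

Received lines below the origin hop can be inserted by the sender, so the first relay you control is the last hop that can be trusted.
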

11. What is the need for Computer Forensics?

The main aim of cyber forensics is to maintain the thread of evidence
and documentation to find out who committed the crime digitally. Cyber
forensics can do the following:
a. It can recover deleted files, chat logs, emails, etc.
b. It can also recover deleted SMS messages and phone calls.
c. It can get recorded audio of phone conversations.
d. It can determine which user used which system and for how much
time.
e. It can identify which user ran which program.

12. Information Security Management System (ISMS).

An Information Security Management System describes and demonstrates
your organisation’s approach to information security and privacy. It
helps you identify and address the threats and opportunities around your
valuable information and any related assets. This protects your
organisation from security breaches and shields it from disruption if
and when they do happen.

13. Key benefits of an ISMS.

i. Helps you win new business and enter new sectors
ii. Strengthens your relationship with your existing customers
iii. Builds your organisation’s brand and reputation
iv. Protects your business from security breaches
v. Achieving the benefits

14. What is ISO?

The International Organization for Standardization (ISO) is an
international non-governmental organization made up of national
standards bodies; it develops and publishes a wide range of proprietary,
industrial, and commercial standards and comprises representatives from
various national standards organizations.

15. Benefits of ISO Certification.

a) It will protect your reputation from security threats
The most obvious reason to certify to ISO 27001 is that it will help you
avoid security threats. This includes both cyber criminals breaking into
your organisation and data breaches caused by internal actors making
mistakes.
b) You’ll avoid regulatory fines
ISO 27001 helps organisations avoid the costly penalties associated with
non-compliance with data protection requirements such as the GDPR
(General Data Protection Regulation). Indeed, the Standard’s framework
has much in common with the GDPR, and organisations can use its
guidelines to achieve and maintain compliance.
c) It will protect your reputation
By achieving ISO 27001 compliance, you can demonstrate to stakeholders
that you take information security seriously. An ISO 27001-certified
ISMS (Information Security Management System) helps protect your
organisation and keeps you out of the headlines.
d) It will improve your structure and focus
With ISO 27001, you can create a system that has enough flexibility to
ensure that everyone maintains their focus on information security
tasks. Similarly, it requires organisations to conduct annual risk
assessments, which help you make changes where necessary.
e) It reduces the need for frequent audits
ISO 27001 certification is globally accepted and demonstrates effective
security, reducing the need for repeat customer audits.

16. What are the key processes of ISO 27001:2013?

ISO 27001 includes a risk assessment process, organisational structure,
information classification, access control mechanisms, physical and
technical safeguards, information security policies and procedures, and
monitoring and reporting guidelines.
ISO/IEC 27001:2013 specifies the requirements for establishing,
implementing, maintaining and continually improving an information
security management system within the context of the organization.
