Professional Documents
Culture Documents
Chapter 2.3 Audit, IAM
Chapter 2.3 Audit, IAM
1.1. Purpose:
An IT audit is different from a financial statement audit. While a financial audit's
purpose is to evaluate whether the financial statements present fairly, in all material
respects, an entity's financial position, results of operations, and cash flows in
conformity to standard accounting practices,
The purposes of an IT audit are to:-
Evaluate the system's internal control design and effectiveness.
o This includes, but is not limited to,
o efficiency and security protocols,
o development processes, and
o IT governance or oversight.
o Installing controls are necessary but not sufficient to provide adequate
security.
o People responsible for security must consider if the controls are installed
as intended, if they are effective, or if any breach in security has occurred
and if so, what actions can be done to prevent future breaches. These
inquiries must be answered by independent and unbiased observers.
These observers are performing the task of information systems auditing.
In an Information Systems (IS) environment, an audit is an examination of
information systems, their inputs, outputs, and processing.
The primary functions of an IT audit are to evaluate the systems that are in place to
guard an organization's information. Specifically, information technology audits are
used to evaluate the organization's ability to protect its information assets and to
properly dispense information to authorized parties. The IT audit aims to evaluate the
following:
Will the organization's computer systems be available for the business at all times when
required? (known as availability) Will the information in the systems be disclosed only
to authorized users? (known as security and confidentiality) Will the information
provided by the system always be accurate, reliable, and timely? (measures the
integrity) In this way, the audit hopes to assess the risk to the company's valuable asset
(its information) and establish methods of minimizing those risks.
Authentication
• This area is comprised of Authentication Management and Session
Management.
• Authentication is the module through which a user provides sufficient
credentials to gain initial access to an application system or a particular
resource.
• Once a user is authenticated, a Session is created and referred during the
interaction between the user and the application system until the user logs off or
the session is terminated by other means (e.g. timeout).
• The authentication module usually comes with a password service module when
the userid / password authentication method is used.
• By centrally maintaining the Session of a user, the authentication module
provides Single Sign-On service so that the user needs not logon again when
accesses another application or system governed under the same IAM
Framework.
Authorization
• Authorization is the module that determines whether a user is permitted to
access a particular resource.
• Authorization is performed by checking the resource access request, typically in
the form of an URL in web-based application, against authorization policies that
are stored in an IAM policy store.
• Authorization is the core module that implements role-based access control.
Moreover, the authorization model could provide complex access controls based
on data or information or policies including user attributes, user roles / groups,
actions taken, access channels, time, resources requested, external data and
business rules.
User Management
• This area is comprised of user management, password management, role/group
management and user/group provisioning.
• User management module defines the set of administrative functions such as
identity creation, propagation, and maintenance of user identity and privileges.
• One of its components is user life cycle management that enables an enterprise
to manage the lifespan of a user account, from the initial stage of provisioning to
the final stage of de-provisioning.
User Repository.
• The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral,
industry standard application protocol for accessing and maintaining distributed
directory information services over an Internet Protocol (IP) network.
3. THREAT MANAGEMENT
Cyber Threat Management (CTM) is an advanced management program enabling early
identification of threats, data driven situational awareness, accurate decision-making,
and timely threat mitigating actions.
CTM includes:
1. Manual and automated intelligence gathering and threat analytics
2. A comprehensive methodology for real-time monitoring including advanced
techniques such as behavioural modelling
3. Use of advanced analytics to optimize intelligence, generate security intelligence,
and provide Situational Awareness
4. Technology and skilled people leveraging situational awareness to enable rapid
decisions and automated or manual actions
Cyber threats actors could be financially or socially motivated hackers,
disgruntled/unhappy employees, organized criminal gangs, competitors or state actors.
Some of these actors are well trained and will persist a campaign to achieve their goal of
data theft or damage over weeks to months. A well-organized CTM program is needed
to detect and stop these threats.
Just some of the examples of cyber threats as observed on networks and computers are
suspicious network activity, malicious code, viruses, Trojan horses, root kits,
unauthorized data transfers, phishing attacks and exploited vulnerabilities. Well run
CTM stops these threats before large-scale data breach or widespread asset damage can
occur. Targeted malware or Advanced Persistent Threats (APTs) uses multiple phases
to break into a network, avoid detection, and harvest valuable information over the long
term.
Benefits of Cyber Threat Management
Early detection of threats
Instant recognition of potential impact
Faster decision for expedient, damage limiting actions
CTM vs. Information Security
Cyber Threat Information
Management Security
Reactive Preventative
Observation data Risk, audit and compliance driven
driven
Operates assuming Deploys and monitors control
threats will circumvent controls effectiveness
Real-time Big Data Metrics
driven situational
awareness
Starts where risk management ends Integral part of risk management