IT Scope based IT Device Audit
This subject focuses on risk-based auditing from an enterprise IT perspective. It covers the requirements for a risk-based audit and the steps necessary before, during and after an audit. Additionally, it discusses risk mitigation methods, and provides analysis for selecting controls and measuring control effectiveness.
UTM & USM
Unified threat management (UTM), or unified security management (USM), is a solution in the network security industry, and since 2004 it has gained currency as a primary network gateway defence solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion prevention, gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting. The term UTM was originally coined by market research firm IDC. The advantage of unified security is that, rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering, organizations can deploy a single rack-mountable UTM appliance that takes over all of these functions.
Firewall Analyser (audit) provides an elaborate compliance report for the firewall devices. The report helps to configure the firewall rules so that they prevent potentially dangerous access to the network and allow only those network hosts that are required. The tool audits the complete firewall security and thoroughly analyses the configuration of the firewalls. It provides a security audit report with an overall security rating. The report identifies all the firewall security related issues on the device, rates the impact of each issue on device security by severity, and assesses how easy each issue is to fix. Based on the issues, the report recommends security best practices. It categorizes the threats faced into various levels and recommends configuration and other changes to tighten the security of the firewall.
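The kind of report described above can be sketched in a few lines. This is an added example, not the Firewall Analyser product's own logic: the rule format, the three checks, the severity weights and the sample ruleset are all assumptions made for illustration.

```python
# Added example: firewall rule audit over a constructed ruleset.
# Rule fields, checks and score weights are assumptions, not a vendor's logic.
from dataclasses import dataclass

RISKY_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 3389: "rdp"}
WEIGHT = {"high": 30, "medium": 15, "low": 5}  # points deducted per finding

@dataclass
class Finding:
    rule_id: int
    issue: str
    severity: str     # impact on device security
    ease_of_fix: str  # effort needed to correct the rule
    advice: str

def audit(rules):
    """Audit rules (evaluated top-down); return (findings, rating 0-100)."""
    out = []
    for r in rules:
        if r["action"] != "allow":
            continue
        any_src, any_dst, any_port = (r[k] == "any" for k in ("src", "dst", "port"))
        if any_src and any_dst and any_port:
            out.append(Finding(r["id"], "allows any source to any destination",
                               "high", "moderate", "permit only required hosts and services"))
        elif any_src and r["port"] in RISKY_PORTS:
            out.append(Finding(r["id"], f"{RISKY_PORTS[r['port']]} open to any source",
                               "high", "easy", "restrict source or remove the service"))
        if not r.get("log"):
            out.append(Finding(r["id"], "permitted traffic is not logged",
                               "low", "easy", "enable logging on the rule"))
    last = rules[-1] if rules else {}
    if not (last.get("action") == "deny"
            and all(last.get(k) == "any" for k in ("src", "dst", "port"))):
        out.append(Finding(0, "no explicit default deny as final rule",
                           "medium", "easy", "append deny any/any with logging"))
    return out, max(0, 100 - sum(WEIGHT[f.severity] for f in out))

# Constructed sample ruleset (private addresses chosen for the example).
RULES = [
    {"id": 1, "action": "allow", "src": "10.0.5.0/24", "dst": "10.0.9.10", "port": 443, "log": True},
    {"id": 2, "action": "allow", "src": "any", "dst": "10.0.9.20", "port": 23, "log": True},
    {"id": 3, "action": "allow", "src": "any", "dst": "any", "port": "any", "log": False},
]

if __name__ == "__main__":
    findings, rating = audit(RULES)
    for f in findings:
        print(f"rule {f.rule_id}: [{f.severity}/{f.ease_of_fix}] {f.issue} -> {f.advice}")
    print("overall rating:", rating)
```

A finding with rule id 0 applies to the ruleset as a whole rather than to a single rule.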
Security information and event management
Security information and event management (SIEM) is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and is also used to log security data and generate reports for compliance purposes. The acronyms SEM, SIM and SIEM have sometimes been used interchangeably. The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as security event management (SEM). The second area provides long-term storage as well as analysis and reporting of log data, and is known as security information management (SIM). As with many meanings and definitions of capabilities, evolving requirements continually shape derivatives of SIEM product categories. The need for voice-centric visibility, or vSIEM (voice security information and event management), is a recent example of this evolution.
You should conduct an audit at regular intervals, and also whenever a network administrator is new to a network or group. A general audit doesn't have to be a full-dress exercise. You can do one in an informal way, building a chart in an Excel spreadsheet, or collecting the data and entering it into a database. One way to ease the chore is to draw up some standardized forms that you can hand out to your clients. They can fill in the blanks and return the form, saving you lots of time and effort in this endeavour. What should an audit cover? There are several aspects you need to be aware of. Obviously, hardware and software must be audited; asset-management tools help a lot here. Less obvious, but still very important, is an audit that helps you gauge security mechanisms (which users and groups have which rights and privileges, for example), responses to problems and problem escalation, a list of assignments, and areas of responsibility.