Auditing

Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13

Video Transcription
>> Let's talk about auditability, traceability, and accountability. Now, I know when the term audit comes up, some people, those eyes glaze over and they think, "Well, auditing, that's someone else's job." By the end of this lesson, I hope you see that auditing is critical, important, and each of us has a role to play in maintaining security through auditing.

The lesson objectives, how auditing complements security. We're going to talk about the common methods for monitoring activity in Cloud environment. Talk about the business value that comes with auditing.

Auditing accountability. Auditing is really the ability to look through a process, an activity, access logs, you name it, but basically tie individual actions to changes. Being able to do so is a critical aspect of what we call non-repudiation, to show that individuals took particular actions or maybe the threat actors took particular actions when compromising a system. But the ability to trace individual activities within a system to individuals and prevent them from saying, "That wasn't me," that's non-repudiation. Non-repudiation ties back to our CIA triad principle of integrity. By being able to show that any changes that occurred within a system were tied to an individual, we maintain the integrity of the system by making individuals who make changes accountable. Did those individuals follow the process and how do we tie any changes to individual's action?

Now, auditing, we can think of big A auditing as your internal compliance function or third-party auditors come in and check the controls and ensure that you can trace the actions taken by individuals to a particular call, to do a function and find evidence of that. But then also if you were in [NOISE] legal or you're accountable for a system, if something were to go wrong, how would you demonstrate where that activity happened and who did what? That is a critical place of auditing to maintain the integrity of your system and also ensure that you can troubleshoot problems that may occur in Cloud environments.

Let's talk about some specific types of monitoring that help and ensure accountability and auditing. One is database activity monitoring. This is really at a minimum, using the ability to actively monitor in real-time or near real-time any activity that's done by database administrators and it should be done across multiple database platforms. Really also you can put in different alerts to policy violations that occur. Maybe types of changes you didn't want to see, or types of sharing from databases and external sources that haven't been approved. Well, those are all different things you can do in terms of database activity monitoring.

Then in a more granular level, we can do file activity monitoring, which really monitors important pieces of data or records that are out there and look to only make sure that they're kept in designated repositories. Then we can, at a more granular user-level, figure out who should be able to read this data, who should be able to change it, who should be able to share that data, and also alert to potential policy violations that we see when those access controls are violated.

Accountability, that really relates to when policy violations occur. I mean, there's no point in doing all this auditing and catching violations unless there's really accountability. This can be hard for organizations. People make mistakes. However, there needs to be accountability for their actions, or those mistakes will recur in the future and introduce risk into your Cloud environments. It can be difficult to implement, but you have to come up with consequences for violations of policy, and when those violations are discovered through the auditing process.

Then let's talk about some of the value of auditing. Auditing is not just about fulfilling a checklist of items, it really is setting the rules of the road and ensuring that your security strategies and controls are implemented and working effectively. Really is your report card on effectiveness. Now I know there's an old joke in security, "Well, we had a breach this year, but good news is we passed the security audit." It is true that auditing and security are separate, but they're related in that auditing, especially third-party auditing, helps build confidence in your security program. It doesn't necessarily mean it's going to prevent every security breach, but auditing is essential to ensure that controls that are in place are working effectively.

Auditing can also help the organization as a whole analyze its operations, and make sure that controls are implemented as well as possible, and that people's time is not being wasted in control compliance when the controls aren't delivering the value. Really think about auditing as a means of tightening things up, identifying opportunities for improvement, and getting rid of waste within your organization.

Let's reflect a moment. What is your relationship like with the auditing/compliance function at your organization? Some organizations, auditing can feel just like an added activity onto your day job, but I really invite you to think of it as ensuring the integrity of your processes and helping you use the auditors almost as internal consultants to help you think about how things can be done more efficiently, and feel free to talk to your auditors or compliance within your organization. If you feel control is onerous or not really delivering much value, help them understand how to help you in terms of improving the controls and security within your organization.

Then, is that auditing being used effectively to improve operations, security, and policy enforcement? That's the purpose of auditing. Now make sure to have this relationship with people within your organization, and talk to them frankly about how auditing can be used to improve the business, improve security. We all want to have auditing deliver business value, and catch violations, and ensure that those things don't happen in the future. Think of it as communicate with the auditors and make sure that you reap the benefits. It's not just an onerous process that detracts from the main cause of the business.

In summary, we talked about the importance of auditing. We talked about how traceability, accountability are required for effective security. Then also make sure that when they're in accountability there are repercussions for violations. Then we talked about many of the methods for implementing monitoring in Cloud environments. Well, I hope I opened your eyes to a new perspective on auditing, and I'll see you in the next lesson.