Testing and Monitoring Security Controls
Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.
Authentication failures and unauthorized access attempts can be found in the log files, but only for the event categories that auditing has been configured to record, so the first check is that those categories are actually enabled. A baseline anomaly is a deviation from measured normal activity: the usual failure rate, working hours and source addresses have to be known before a burst of failed logons, failures spread across many accounts from one source, or a successful logon at 2 a.m. can be called suspicious. The logs contain records of security events (logon events, resource access, attempted violations of policy, and changes in system configuration or policies) and critical system events (service/daemon start/stop, errors generated, ...
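The following is an added example, not part of the original answer, showing how the two event types above are pulled out of constructed log lines. The log format, the thresholds and the 07:00-19:59 business-hours baseline are assumptions chosen for the illustration; a real deployment would take them from the organisation's own measured baseline.

```python
"""Added example (not from the original page): detect authentication failures and
baseline anomalies in constructed log lines.  The log format, thresholds and
business-hours baseline below are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log, assumed format: "<date> <time> <outcome> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-04 08:55:12 LOGIN_FAILED user=alice src=10.0.0.5
2024-03-04 08:55:20 LOGIN_OK user=alice src=10.0.0.5
2024-03-04 09:10:01 LOGIN_FAILED user=admin src=203.0.113.9
2024-03-04 09:10:02 LOGIN_FAILED user=admin src=203.0.113.9
2024-03-04 09:10:03 LOGIN_FAILED user=root src=203.0.113.9
2024-03-04 09:10:04 LOGIN_FAILED user=bob src=203.0.113.9
2024-03-04 09:10:05 LOGIN_FAILED user=carol src=203.0.113.9
2024-03-04 09:10:06 LOGIN_OK user=carol src=203.0.113.9
2024-03-04 02:30:44 LOGIN_OK user=dave src=10.0.0.7
2024-03-04 14:02:10 LOGIN_OK user=bob src=10.0.0.6
"""

FAILURE_THRESHOLD = 5          # assumed baseline: this many failures from one source is a burst
SPRAY_USER_THRESHOLD = 3       # assumed baseline: failures against this many distinct accounts
BUSINESS_HOURS = range(7, 20)  # assumed baseline: interactive logons expected 07:00-19:59


def parse_log(text):
    """Turn log lines into event dicts; malformed lines are skipped rather than trusted."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].startswith("user=") or not parts[4].startswith("src="):
            continue
        events.append({
            "ts": datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S"),
            "ok": parts[2] == "LOGIN_OK",
            "user": parts[3][len("user="):],
            "src": parts[4][len("src="):],
        })
    return events


def failure_bursts(events, threshold=FAILURE_THRESHOLD):
    """Sources whose failed-logon count reaches the threshold (brute force or spray)."""
    failures = defaultdict(int)
    for e in events:
        if not e["ok"]:
            failures[e["src"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def password_spray_sources(events, min_users=SPRAY_USER_THRESHOLD):
    """Sources that failed against many different accounts: a spray, not a forgotten password."""
    users = defaultdict(set)
    for e in events:
        if not e["ok"]:
            users[e["src"]].add(e["user"])
    return {src: sorted(u) for src, u in users.items() if len(u) >= min_users}


def success_after_failures(events, min_failures=3):
    """Accounts that logged in successfully from a source that had just been failing.
    This is the alert that matters most, because the guessing may have worked."""
    hits = []
    streak = defaultdict(int)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ok"]:
            if streak[e["src"]] >= min_failures:
                hits.append((e["user"], e["src"]))
            streak[e["src"]] = 0
        else:
            streak[e["src"]] += 1
    return hits


def after_hours_logons(events, hours=BUSINESS_HOURS):
    """Successful logons outside the baseline working hours."""
    return [(e["user"], e["src"], e["ts"].strftime("%H:%M"))
            for e in events if e["ok"] and e["ts"].hour not in hours]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("failure bursts:", failure_bursts(evts))
    print("password spray sources:", password_spray_sources(evts))
    print("success after failures:", success_after_failures(evts))
    print("after-hours logons:", after_hours_logons(evts))
```

Run against the sample, the single address 203.0.113.9 trips all three authentication checks (five failures, four distinct accounts, then a success for carol), while dave's logon at 02:30 is flagged only because it falls outside the assumed baseline hours; alice's one failed attempt followed by success is left alone, which is the point of thresholds.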
Given the following list of end-user policy violations and security breaches, select three breaches and identify strategies to control and monitor each event to mitigate risks and minimize exposure.
Removable storage devices can carry malware straight onto a host, bypassing controls that only filter traffic as it passes through the network. The Solution: limit each user's privileges to the duties assigned to that individual, so that a standard user cannot install or run arbitrary executables from removable media, and make it clear that no removable storage device is to be brought onto the network unless it is necessary and has been properly screened first. To monitor the control, log device connection events on endpoints and review them against the list of approved devices.
Passwords that meet the complexity requirements but remain easily guessable (a dictionary word followed by a digit, for example) are a hazard that could affect the whole network. The Solution: implement a periodic password change, with a strategy that requires a combination of letters and numbers and a minimum 30-day password renewal policy. Because a complexity rule alone will still accept guessable choices, also reject any candidate password that appears on a list of common or breached passwords or contains the username, and be aware that frequent forced changes tend to produce predictable increments of the old password, so the blocklist check does more work than the rotation interval. Monitor by reviewing failed-logon and lockout events for accounts whose passwords are being guessed.
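As an added illustration of why the letters-and-numbers rule is necessary but not sufficient, the check below (example code, not from the original answer) accepts only passwords that satisfy that rule and additionally rejects ones that are guessable. The minimum length of 8, the tiny blocklist and the pattern list are assumptions standing in for an organisation's real policy and a full breached-password list.

```python
"""Added example (not from the original page): a password check that enforces the
letters-and-numbers rule from the text and then rejects compliant but guessable
choices.  MIN_LENGTH, BLOCKLIST and the patterns are constructed assumptions."""
import re

MIN_LENGTH = 8  # assumed; the text only says "letters and numbers"

# Constructed stand-in for a common/breached-password list (real lists have millions of entries).
BLOCKLIST = {"password1", "welcome1", "summer2024", "qwerty123", "letmein1", "changeme1"}

# Common substitutions attackers try first; "P@ssw0rd1" normalises to "password1".
LEET = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e", "!": "i"})

# Shapes that satisfy "letters and numbers" yet sit at the top of any guessing list.
GUESSABLE_PATTERNS = [
    (re.compile(r"^[A-Za-z]{1,10}\d{1,4}$"), "a single word followed by digits"),
    (re.compile(r"^(19|20)\d{2}"), "starts with a year"),
    (re.compile(r"(.)\1{2,}"), "repeated characters"),
    (re.compile(r"(012|123|234|345|456|567|678|789|abc|qwe)", re.I), "keyboard or number run"),
]


def meets_complexity(pw):
    """The rule from the text: letters and numbers, plus an assumed minimum length."""
    return (len(pw) >= MIN_LENGTH
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))


def normalize(pw):
    """Lower-case and undo common character substitutions before the blocklist lookup."""
    return pw.lower().translate(LEET)


def guessability_reason(pw, username=None):
    """Return why the password is guessable, or None if no check fires."""
    if pw.lower() in BLOCKLIST or normalize(pw) in BLOCKLIST:
        return "appears in the common/breached password list"
    if username and username.lower() in normalize(pw):
        return "contains the username"
    for pattern, reason in GUESSABLE_PATTERNS:
        if pattern.search(pw):
            return reason
    return None


def evaluate_password(pw, username=None):
    """Return (accepted, reason).  Complexity is checked first, guessability second."""
    if not meets_complexity(pw):
        return False, "does not meet complexity rule (letters, numbers, length)"
    reason = guessability_reason(pw, username)
    if reason:
        return False, "meets complexity rule but is guessable: " + reason
    return True, "accepted"


if __name__ == "__main__":
    for candidate, user in [("Password1", None), ("P@ssw0rd1", None), ("Winter2023", None),
                            ("jdoe2024!x", "jdoe"), ("abc12345", None), ("tR9#mq2LwZ!v", None)]:
        print(f"{candidate!r:16} -> {evaluate_password(candidate, user)}")
```

Every rejected candidate in the usage loop passes meets_complexity, which is exactly the gap the paragraph describes; only the blocklist, username and pattern checks separate them from the accepted one.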
Information on a laptop that is not encrypted is a serious security issue. If the device is lost or stolen, whoever obtains it can read the data simply by removing the drive or booting another operating system, so some form of damage in the event of its "falling into the wrong hands" is likely. The Solution: encrypt the drives with full-disk encryption and protect other sensitive information at rest, enforce this by policy rather than leaving it to the user, and monitor by confirming that every laptop reports its encryption status as enabled.