Download Lottery`s Log Management Business Objectives

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts

IT risk management wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Mobile security wikipedia , lookup

Cyberattack wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Security-focused operating system wikipedia , lookup

Information security wikipedia , lookup

Computer security wikipedia , lookup

Social engineering (security) wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Unix security wikipedia , lookup

Transcript 
Lottery Log Management:
Reviewing Gaming System Logs
Why, What, and How
Why You Should Review
• Keep you and your director from
getting fired!
• Consistent with business objectives
©2009 Delehanty Consulting LLC
Every Standard Says You Should!
(Do you want to explain why you weren’t?)
• NIST 800-92 Guide to Computer Security Log
Management
• ISO 27002/17799 Code of practice for
information security management
• COBIT 4 Control Objectives for Information &
Technology
• NIST 800-53 Recommended Security Controls for
Federal Information Systems
©2009 Delehanty Consulting LLC
Lottery’s Log Management
Business Objectives
1. Security Operations: Security policies
and systems are operating as planned
2. IT Operations: Determine whether IT
operations can be improved and whether
they are susceptible to issues
3. Forensics: Capture admissible proof that
could serve as evidence if harm was done
or rules/policies were intentionally broken
©2009 Delehanty Consulting LLC
Analyze What?
• SANS – Top 5 Essential Log Analyses
• NIST SP 800-92 Guide to Computer
Security Log Management (consistent
with ISO 17799/27002)
©2009 Delehanty Consulting LLC
SANS
Essential Log Analyses
1.
2.
3.
4.
Attempts to access through existing accounts
Failed file or resource access attempts
Unauthorized changes to groups, users, etc.
Suspicious/unauthorized network traffic
©2009 Delehanty Consulting LLC
NIST Additions
• Transaction information
• Significant Operational Actions
– Application startup and shutdown
– Task execution
– Application failures.
©2009 Delehanty Consulting LLC
Transaction Information
• All transactions should be written to a
master transaction file that cannot be altered
prior to being received by the Lottery
• Requirement met by:
– Transaction Master File
– ICS system
• Better source for forensic evidence than
Gware
©2009 Delehanty Consulting LLC
How
Activity Analysis Strategies
1.
2.
3.
4.
Review all activities and processes
Focus on high-risk activities
Focus on high-risk processes
Develop baselines and then look for
anomalies
5. Time sampling or all days
6. All systems, select systems, or sampling
©2009 Delehanty Consulting LLC
How – A Process Approach
You’re First Log Review
•
•
•
•
High risk
Daily review
All gaming systems
Handout leads you through process
©2009 Delehanty Consulting LLC
Related documents
Avacor 2
Avacor 2
BRANDMARKE WHO WE ARE. WHAT WE DO.
BRANDMARKE WHO WE ARE. WHAT WE DO.
Marketing - Workshop
Marketing - Workshop
Information Technology Marketing
Information Technology Marketing
Product Marketing Versus Product Management
Product Marketing Versus Product Management
PHOTO VIDEO CONSENT FORM Current
PHOTO VIDEO CONSENT FORM Current
ABS Consulting - SANS Institute
ABS Consulting - SANS Institute
international business studies
international business studies
MedReturn Drug Collection Unit Order Form MedReturn, LLC P.O.
MedReturn Drug Collection Unit Order Form MedReturn, LLC P.O.
View Presentation - FloorPlanOnline
View Presentation - FloorPlanOnline
Fiscal Pressures: Excess Cost Growth
Fiscal Pressures: Excess Cost Growth
Lesson 5.1 - The Marketing Plan
Lesson 5.1 - The Marketing Plan