CSF011G05 - Audit Monitoring Governance
Welcome to:
Unit 5 - Audit and Monitoring, Intelligence, Compliance,
Management and Governance
• Definition
– An information security audit is a process in which the organization’s
technology team conducts an organizational review to ensure that the
correct and most up-to-date processes and infrastructure are being
applied.
• Explanation
– Auditing is an evaluation of a person, organization, system, process,
enterprise, project or product, performed to determine the validity and
reliability of information and to provide an assessment of a system's
internal controls.
• Internal Audit
– Internal audit, sometimes called 1st party audit, is a systematic,
independent and documented process usually conducted by the
organization itself.
– Internal auditing is an independent assurance and consulting activity
designed to improve an organization's operations.
• External Audit
– These audits are conducted by other organizations to verify and
validate the status of information security.
• There are generally 2 types of external audits:
– 2nd party audit
– 3rd party audit
• Antimalware Software
• Intrusion prevention and detection systems
• Web Proxies
• Authentication Servers
• Routers
• Firewalls
• Network Quarantine Servers
• Log parsing
– Extracting data from one log so that it can be used as input to another
logging process is called log parsing.
• Event filtering
– Suppressing log entries from reporting, long-term analysis or simple
analysis because they are not of interest is known as event filtering.
• Event aggregation
– Consolidating many similar entries into a single entry is known as
event aggregation.
• Rotation of log
– The process of closing an existing log file and opening a new one is called
log rotation.
• Archival of log
– Important logs are sometimes retained for an extended period of time; this
process is known as log archival.
• Compression of log
– The process of storing a log file so that its size is reduced without
altering the meaning of its content.
• Reduction of log
– The process of creating a new log by removing entries that are not
needed from an existing log.
• Conversion of log
– This process parses a log in one format and stores its entries in a second
format.
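The eight log-management functions listed above are easiest to understand as stages of one pipeline. The following Python script is an added example and is not part of the course material or any IBM product: it runs parsing, event filtering, aggregation, reduction and conversion over a handful of constructed syslog-style lines, and then performs rotation, compression and archival on a temporary file. The sample lines, hostnames, addresses and file paths are all constructed for the illustration.

```python
"""Added example (not from the course slides): a minimal log-management
pipeline covering parsing, event filtering, aggregation, reduction,
conversion, rotation, compression and archival."""
import gzip
import json
import re
import shutil
import tempfile
from pathlib import Path

# Constructed sample lines in a syslog-like layout (not real device output).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z fw01 firewall: DROP src=10.0.0.5 dst=203.0.113.7 dport=22
2024-03-01T10:00:02Z fw01 firewall: DROP src=10.0.0.5 dst=203.0.113.7 dport=22
2024-03-01T10:00:03Z fw01 firewall: DROP src=10.0.0.5 dst=203.0.113.7 dport=22
2024-03-01T10:00:04Z proxy1 webproxy: ALLOW user=alice url=https://example.org/
2024-03-01T10:00:05Z auth1 authsvc: LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T10:00:06Z auth1 authsvc: HEARTBEAT status=ok
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<app>[^:]+): (?P<event>\S+)(?P<kv>.*)$")

def parse(text):
    """Log parsing: turn each raw line into a dict of named fields.
    key=value pairs after the event name become separate fields."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # keep unparseable lines visible rather than silently dropping them
            records.append({"raw": line, "event": "UNPARSED"})
            continue
        rec = {k: m.group(k) for k in ("ts", "host", "app", "event")}
        for pair in m.group("kv").split():
            key, _, value = pair.partition("=")
            rec[key] = value
        records.append(rec)
    return records

NOISE_EVENTS = {"HEARTBEAT"}  # constructed list of events with no security signal

def event_filter(records):
    """Event filtering: suppress entries that should not reach reporting/analysis."""
    return [r for r in records if r["event"] not in NOISE_EVENTS]

def aggregate(records):
    """Event aggregation: collapse entries that are identical apart from their
    timestamp into one entry carrying a count and first/last seen times."""
    buckets = {}
    for r in records:
        fields = {k: v for k, v in r.items() if k != "ts"}
        key = tuple(sorted(fields.items()))
        ts = r.get("ts", "")
        b = buckets.setdefault(key, {**fields, "count": 0, "first_seen": ts, "last_seen": ts})
        b["count"] += 1
        b["last_seen"] = ts
    return list(buckets.values())

KEEP_FIELDS = ("host", "event", "src", "user", "count", "first_seen", "last_seen")

def reduce_fields(records, keep=KEEP_FIELDS):
    """Log reduction: build a new, smaller log that keeps only the fields needed."""
    return [{k: v for k, v in r.items() if k in keep} for r in records]

def convert_to_jsonl(records):
    """Log conversion: re-emit the parsed entries in a second format (JSON Lines)."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"

def run_pipeline(text):
    """parse -> filter -> aggregate -> reduce -> convert; returns JSONL text."""
    return convert_to_jsonl(reduce_fields(aggregate(event_filter(parse(text)))))

def rotate_compress_archive(active_log, archive_dir, generation):
    """Log rotation + compression + archival: close the active file by renaming it,
    open a fresh empty active file, gzip the closed copy into the archive
    directory (content unchanged, size reduced) and return the archive path."""
    active_log, archive_dir = Path(active_log), Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    rotated = active_log.with_name(f"{active_log.name}.{generation}")
    active_log.rename(rotated)  # rotation: the existing file is closed under a new name
    active_log.touch()          # a new active log is opened
    archived = archive_dir / f"{rotated.name}.gz"
    with open(rotated, "rb") as src, gzip.open(archived, "wb") as dst:
        shutil.copyfileobj(src, dst)  # compression into the archive location
    rotated.unlink()
    return archived

def demo_rotation():
    """Write the sample log to a temp dir, rotate/compress/archive it, and return
    the size of the fresh active log and the decompressed archive content."""
    work = Path(tempfile.mkdtemp(prefix="logdemo_"))
    active = work / "app.log"
    active.write_text(SAMPLE_LOG)
    archived = rotate_compress_archive(active, work / "archive", 1)
    with gzip.open(archived, "rt") as f:
        restored = f.read()
    return active.stat().st_size, restored

if __name__ == "__main__":
    print(run_pipeline(SAMPLE_LOG))
    print(demo_rotation())
```

Running the script prints three JSON Lines entries (the three identical firewall drops aggregated into one entry with `count` 3, the proxy allow, and the failed login; the heartbeat is filtered out and the `dst`/`dport`/`url` fields are reduced away), followed by a zero-length active log and the archived content restored byte-for-byte from the gzip copy, which is the property that distinguishes compression from reduction.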
© Copyright IBM Corporation 2015
Monitoring and control
• Definition
– GRC is an integrated approach for improving governance through
more effective compliance and a better understanding of the impact of
risk on business performance. It is used by corporations to act in
accordance with the guidelines set for each category.
• Explanation
– GRC is the integration of all governance, risk assessment and
mitigation, and compliance and control activities to operate in synergy
and balance.
– Governance, Risk Management and Compliance (GRC) are three
pillars that work together for the purpose of assuring that an
organization meets its objectives
– A GRC strategy can help create business value by reducing costs,
identifying operational inefficiencies, rationalizing controls, and
enabling identification and management of risks
GRC Pillars
• Governance
– Good governance is about steering the company in the right direction
as well as evolving policies and procedures and improving process
efficiency to achieve better alignment with corporate goals
• Risk Management
– Effective risk management enables companies to protect the value
built within an organization and can also create new value by
identifying opportunities to build growth, increase competitive
advantage and drive efficiencies throughout the organization
• Compliance
– Compliance is achieved through various controls that are defined and
established to help organizations prevent or detect policy violations
and to improve business processes throughout the organization
• Accelus GRC
– A solution built to handle the diverse requirements of internal audit,
internal controls management, risk management, policy management,
legal and compliance professionals
• Key benefits:
– Provides visibility, transparency and oversight over GRC processes
– Monitor and track regulatory rule changes
– Mitigate risk hiding in client relationships and related human networks
– Identify and mitigate legal, regulatory and business risk
– Maintain effective policies and demonstrate supervision
– Streamline audit, risk management and internal control processes
– Efficiently address required regulatory disclosure deadlines
• OpenPages
– An integrated governance, risk and compliance platform that enables
companies to manage risk and regulatory challenges across the
enterprise
• Key benefits:
– Internal Audit
– Definition, planning, execution and reporting of audits for all business lines
– Automated workflows and configurable reports
– IT Risk
– IT risk evaluation
– Identify critical risks, controls and gaps
– Operational Risk
– Identify, manage and monitor high-level reports