
| Subject: | Where is the head and tail? |
|---|---|
| Date: | Tue, 27 Feb 2007 11:13:39 +0530 |
Hi Wali,
> How should I start? Well, I can start to outline Change Management procedures that would be followed. Segregation of duties between various levels of developers, quality assurance, app admin etc. That's generic.

I suggest you should understand the basic working of the application. It's not required to have a full understanding of accounting or finance. You should just have a fair knowledge of the flow of the information. Then you can start with the listing of the security procedures like:

Change Management - How changes are made, who all are authorized to make the changes, who reviews the changes, is there a fallback procedure for the changes made, whether records are maintained for the changes made, and so on.

Backup Management - How regularly backup is taken, who is responsible for backup, type of backup, where the backup is stored.

Privilege Management - What privilege levels are defined, are they required for the daily operations, privilege access matrix.

> Then what? I am a novice when it comes to accounting and finance. Should I define workflows within dept. of accounting? Should I sit with accountants and other users and get deep into various things they do and then look deeply inside each module of this finance application in order to study General Ledgers, Journal Vouchers, Accounts receivables/payables etc. That would take months!!

Then you can start with the real application audit, like checking for:

- Administrative privileges
- Logging
- Database vulnerabilities

A detailed understanding of the subject is not required, but you should have knowledge of the critical information and the threats to it. Then you can design a checklist which will help you in auditing the application.

I think this would help.
Harshal Mehta
Information Security Analyst
ISO 27001 IA, CEH, cVa, ITIL
NII Consulting
Mobile: +91 9819066601
Website: www.niiconsulting.com
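The privilege-management step above (privilege levels, a privilege access matrix, and whether each right is actually needed for daily operations) is the part of such an audit that lends itself to a mechanical check. The following is an added example, not code from the thread or from NII Consulting: it takes a constructed role-to-permission matrix, a constructed set of segregation-of-duties conflict pairs and constructed user assignments, reports every user who holds both halves of a conflicting pair, and compares granted rights against a constructed activity log to list rights that were never exercised in the period. All names, roles, permissions and log lines are invented for illustration; a real review would export the matrix and the log from the finance application itself.

```python
"""Segregation-of-duties and least-privilege review of a privilege access matrix.

Added example for the privilege-management audit step. The roles,
permissions, users and log lines below are constructed for illustration
and do not come from any real finance application.
"""
from collections import defaultdict
import re

# Constructed privilege access matrix: role -> the permissions it grants.
PRIVILEGE_MATRIX = {
    "ap_clerk":        {"create_vendor", "enter_invoice"},
    "ap_supervisor":   {"approve_payment", "view_gl"},
    "gl_accountant":   {"post_journal", "view_gl"},
    "controller":      {"approve_journal", "view_gl", "run_reports"},
    "developer":       {"deploy_code"},
    "change_approver": {"approve_change"},
    "app_admin":       {"manage_users", "view_gl"},
}

# Constructed segregation-of-duties rules: no single person may hold both.
SOD_CONFLICTS = [
    ("create_vendor", "approve_payment"),   # create a vendor and pay it
    ("enter_invoice", "approve_payment"),   # enter an invoice and approve it
    ("post_journal", "approve_journal"),    # post and approve own journals
    ("deploy_code", "approve_change"),      # change code and approve own change
    ("manage_users", "approve_payment"),    # grant self rights and pay out
]

# Constructed user -> role assignments to be audited.
USER_ROLES = {
    "alice": ["ap_clerk"],
    "bob":   ["ap_clerk", "ap_supervisor"],     # holds conflicting rights
    "carol": ["gl_accountant"],
    "dave":  ["developer", "change_approver"],  # holds conflicting rights
    "erin":  ["controller", "app_admin"],
}

# Constructed activity log: what each user actually did in the review period.
ACTIVITY_LOG = """\
2007-02-20 user=alice action=enter_invoice
2007-02-20 user=bob action=approve_payment
2007-02-21 user=carol action=post_journal
2007-02-21 user=erin action=approve_journal
2007-02-22 user=dave action=deploy_code
2007-02-22 user=erin action=run_reports
"""

LOG_RE = re.compile(r"user=(?P<user>\w+) action=(?P<action>\w+)")


def effective_privileges(user):
    """Union of the permissions of every role assigned to the user."""
    privs = set()
    for role in USER_ROLES.get(user, []):
        privs |= PRIVILEGE_MATRIX[role]
    return privs


def find_sod_violations():
    """Sorted (user, perm_a, perm_b) triples where one person holds both halves
    of a conflicting pair, whichever roles the rights came through."""
    violations = []
    for user in USER_ROLES:
        privs = effective_privileges(user)
        for a, b in SOD_CONFLICTS:
            if a in privs and b in privs:
                violations.append((user, a, b))
    return sorted(violations)


def find_unused_privileges(log_text=ACTIVITY_LOG):
    """Per user, the granted rights never exercised in the log (sorted list).

    These are candidates for removal. Read-only rights such as view_gl never
    appear as logged actions here, so the reviewer decides how to treat them.
    """
    used = defaultdict(set)
    for m in LOG_RE.finditer(log_text):
        used[m.group("user")].add(m.group("action"))
    return {user: sorted(effective_privileges(user) - used[user])
            for user in USER_ROLES}


if __name__ == "__main__":
    for user, a, b in find_sod_violations():
        print(f"SoD violation: {user} holds both {a} and {b}")
    for user, unused in find_unused_privileges().items():
        if unused:
            print(f"{user}: granted but unused in period: {', '.join(unused)}")
```

The check runs on effective rights rather than role names, so a conflict that only appears when two individually harmless roles are combined (bob's clerk plus supervisor) is still caught. The unused-rights list is only a prompt for the interview with the user and their manager; a right unused in a short log window may still be needed at month end.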