Spending less than 5 minutes a week along with a cup of coffee, you can monitor your IT security as required by the FFIEC's "Interagency Guidelines Establishing Information Security Standards."  For more information and to subscribe visit http://www.yennik.com/it-review/.

REMINDER - The ISACA Information Security and Risk Management Conference is being held September 13-15, 2010 in Las Vegas, Nevada. This is a great conference that I highly recommend.  For more information and to register, please go to http://www.isaca.org/isrmc.  I will the there and look forward to meeting you.

FYI - PCI Council unveils expected changes for DSS guidelines - The PCI Security Standards Council this week unveiled a summary of changes expected to appear in the upcoming release of a new version of its payment security guidelines. http://www.scmagazineus.com/pci-council-unveils-expected-changes-for-dss-guidelines/article/176889/?DCMP=EMC-SCUS_Newswire

FYI - Security perspectives on call center ID theft risks - How big do your call center employees factor into identity theft risk assessment? Considering that often the weapon of choice may be a notepad and a pencil, this hard-to-track insider threat has become even more complicated by the recent decade's globalization for cost savings. http://www.scmagazineus.com/security-perspectives-on-call-center-id-theft-risks-part-1/article/176887/?DCMP=EMC-SCUS_Newswire

FYI - Malicious widget hacked millions of Web sites - Parked sites hosted by Network Solutions spread malware since at least May - As many as five million Web sites hosted by Network Solutions have been serving up malware, probably for several months, a security expert said. http://www.computerworld.com/s/article/9180783/Malicious_widget_hacked_millions_of_Web_sites?taxonomyId=17

FYI - RIM to give India partial access - Research In Motion (RIM) remained silent over reports that it will give Indian authorities access to messages sent over its systems. http://www.thestar.com/business/companies/rim/article/848624--rim-to-give-india-partial-access-reports

FYI - College officials wary of ‘cyber insurance' for private data - Officials at both of Hidalgo County’s public institutions of higher learning said they would rather rely on preventive measures than buy costly “cyber insurance” to protect against threats to their data security. http://www.themonitor.com/news/officials-41652-insurance-college.html

FYI - GAO - Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed
Release - http://www.gao.gov/products/GAO-10-628
Highlights - http://www.gao.gov/highlights/d10628high.pdf

ATTACKS, INTRUSIONS, DATA THEFT & LOSS

FYI - Russian charged with selling credit card numbers online - A Russian man accused of selling stolen credit card numbers online for nearly a decade has been arrested in Nice, France, and faces charges in an indictment unsealed Wednesday, the U.S. Department of Justice said. http://www.computerworld.com/s/article/9180589/Russian_charged_with_selling_credit_card_numbers_online?taxonomyId=17

FYI - Zeus botnet raid on UK bank accounts under the spotlight - More details of sophisticated cyber-blag emerge - More details have emerged of how security researchers tracked down a Zeus-based botnet that raided more than $1m from 3,000 compromised UK online banking accounts. http://www.theregister.co.uk/2010/08/11/zeus_cyberscam_analysis/

FYI - German Men Arrested in Pattaya over Internet Banking Theft - Two young German nationals have been arrested in Pattaya on Monday after allegedly hacking the bank accounts of a Royal Military Academy lecturer. The two men where found to have stolen approximately Bt700,000 from the victim using information logging viruses. http://www.pattayadailynews.com/en/2010/08/10/german-hackers-arrested-in-pattaya-over-internet-banking-scam/

FYI - Heartland denies systems involved in new data breach - Austin police says hackers broke into a network connecting restaurant with payment processor - Heartland Payment Systems, which last year suffered the largest ever data breach involving payment card data, is downplaying reports out of Austin, Texas linking the payment processor to a data breach at a local restaurant chain. http://www.computerworld.com/s/article/9180660/Heartland_denies_systems_involved_in_new_data_breach?taxonomyId=82

FYI - Personal data of unemployed Oregon residents, psychology patients stolen - Two Oregon car burglaries in the past week have resulted in the loss of the personal information of thousands of Portland, Ore. psychology patients and unemployed state residents. http://www.scmagazineus.com/personal-data-of-unemployed-oregon-residents-psychology-patients-stolen/article/176964/?DCMP=EMC-SCUS_Newswire

Return to the top of the newsletter

INFORMATION TECHNOLOGY SECURITY - We continue the series on the National Institute of Standards and Technology (NIST) Handbook.

Chapter 18 - AUDIT TRAILS

18.1 Benefits and Objectives

18.1.2 Reconstruction of Events

Audit trails can also be used to reconstruct events after a problem has occurred. Damage can be more easily assessed by reviewing audit trails of system activity to pinpoint how, when, and why normal operations ceased. Audit trail analysis can often distinguish between operator-induced errors (during which the system may have performed exactly as instructed) or system-created errors (e.g., arising from a poorly tested piece of replacement code). If, for example, a system fails or the integrity of a file (either program or data) is questioned, an analysis of the audit trail can reconstruct the series of steps taken by the system, the users, and the application. Knowledge of the conditions that existed at the time of, for example, a system crash, can be useful in avoiding future outages. Additionally, if a technical problem occurs (e.g., the corruption of a data file) audit trails can aid in the recovery process (e.g., by using the record of changes made to reconstruct the file).

18.1.3 Intrusion Detection

Intrusion detection refers to the process of identifying attempts to penetrate a system and gain unauthorized access.

If audit trails have been designed and implemented to record appropriate information, they can assist in intrusion detection. Although normally thought of as a real-time effort, intrusions can be detected in real time, by examining audit records as they are created (or through the use of other kinds of warning flags/notices), or after the fact (e.g., by examining audit records in a batch process).

Real-time intrusion detection is primarily aimed at outsiders attempting to gain unauthorized access to the system. It may also be used to detect changes in the system's performance indicative of, for example, a virus or worm attack. There may be difficulties in implementing real-time auditing, including unacceptable system performance.

After-the-fact identification may indicate that unauthorized access was attempted (or was successful). Attention can then be given to damage assessment or reviewing controls that were attacked.