auditing   941


Cyber security and information risk guidance for Audit Committees - National Audit Office (NAO)
"Audit committees should be scrutinising cyber security arrangements. To aid them, this guidance complements government advice by setting out high-level questions and issues for audit committees to consider."
auditing  risk_management  cyber_security  security  dopost 
25 days ago by niksilver
Auditing Algorithms - Northeastern University
Today, we are surrounded by algorithmic systems in our everyday life. Examples on the web include Google Search, which personalizes search results to try and surface more relevant content; Amazon and Netflix, which recommend products and media; and Facebook, which personalizes each user's news-feed to highlight engaging content. Algorithms are also increasingly appearing in real world contexts, like surge pricing for vehicles from Uber; predictive policing algorithms that attempt to infer where crimes will occur and who will commit them; and credit scoring systems that determine eligibility for loans and credit cards. The proliferation of algorithms is driven by the explosion of Big Data that is available about people's online and offline behavior.

Although there are many cases where algorithms are beneficial to users, scientists and regulators are concerned that they may also harm individuals. For example, sociologists and political scientists worry that online Filter Bubbles may create "echo chambers" that increase political polarization. Similarly, personalization on e-commerce sites can be used to implement price discrimination. Furthermore, algorithms may exhibit racial and gender discrimination if they are trained on biased datasets. As algorithmic systems proliferate, the potential for (unintentional) harmful consequences to users increases.
algorithm  auditing 
4 weeks ago by tonyyet
Risk Management – The 3 Lines of Defense for Good Risk Management
"Today, a new governance model is gaining popularity. The “three lines of defense” (3LoD) model mobilizes three separate groups—business managers, central risk and compliance management teams, and internal auditors—to work together at different stages to provide increased protection against an ever-widening array of risks."
risk_management  management  auditing  dopost 
5 weeks ago by niksilver
linux - Find which process is modifying a file - Unix & Linux Stack Exchange
You can use auditd and add a rule for that file to be watched:

auditctl -w /path/to/that/file -p wa
Then watch for entries to be written to /var/log/audit/audit.log.
monitoring  files  linux  auditing  filehandles  systemtap 
6 weeks ago by po
In-depth Malware Analysis: Malware Lingers with BITS | Secureworks
Figure 1. Sample log entry from Microsoft-Windows-Bits-Client/(Microsoft-Windows-Bits-Client/Operational.evtx) event log. (Source: SecureWorks)

Logged details about the pending tasks were terse. The log indicated that new jobs had been created but did not provide detail. CTU researchers used tools that parsed the BITS job database and provided the missing details (see Figure 2).

CTU researchers recommend that clients consider enumerating active BITS tasks on a host ...(bitsadmin /list /allusers /verbose)

now use powershell bits commandlet
microsoft  bits  malware  incidentresponse  auditing  forensics 
10 weeks ago by bwiese
Investigating Microsoft BITS Activity - SANS Internet Storm Center
BITS is fully integrated within the Microsoft OS and generates events in the EventLog but everybody knows that such pieces of evidence can be easily cleared by the attackers. How to investigate an incident involving file transfer performed via BITS? French researchers from ANSSI[3] had a look at the queue manager files created by BITS.
auditing  microsoft  download  threathunting 
11 weeks ago by bwiese
Investigating PowerShell: Command and Script Logging
Restricting access to PowerShell is notoriously difficult. As an example, the PowerShell Empire project has a capability to inject the required .NET assemblies into memory, allowing PowerShell functionality even if PowerShell.exe has been removed or blocked on the system. Perhaps the only way to truly prevent malicious PowerShell activity is to stop an attacker from achieving administrative privileges.
powershell  crowdstrike  auditing 
11 weeks ago by bwiese
Command line data must be included in process creation events.
Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior. Enabling "Include command line data for process creation events" will record the command line information with the process creation events in the log. This can provide additional detail when malware has run on a system.
stig  cybersecurity  windows  auditing  threathunting 
11 weeks ago by bwiese
Microsoft Security Advisory 3004375 | Microsoft Docs
How does this update change security event ID 4688?
After installing and configuring this security update, administrators will see a newly added element in the 4688 security event called Process Command Line, which contains the entire command that was executed for the event in question.
cybersecurity  auditing  windows  threathunting  events  microsoft 
11 weeks ago by bwiese
The most important audits my team performed | Norman Marks on Governance, Risk Management, and Audit
"Internal auditors should understand that business is not about avoiding or limiting risk, it is about taking the right risk. I have learned that all internal auditors should consider themselves business people who have a job as internal auditors."
dopost  risk_management  auditing 
january 2018 by niksilver
