- Evaluate the organization’s information security and privacy policies and practices.
- Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
- Evaluate logical security controls to verify the confidentiality,integrity, and availability of information.
- Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
- Perform technical security testing to identify potential threats and vulnerabilities.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
- Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate database management practices.
- Evaluate data governance policies and practices.
- Evaluate problem and incident management policies and practices.
- Evaluate change, configuration, release, and patch management policies and practices.
- Evaluate end‐user computing to determine whether the processes are effectively controlled.
- Evaluate the organization’s ability to continue business operations.
- Evaluate policies and practices related to asset lifecycle management.
- Evaluate whether the business case for proposed changes to information systems meet business objectives.
- Evaluate the organization’s project management policies and practices.
- Evaluate controls at all stages of the information systems development lifecycle.
- Evaluate the readiness of information systems for implementation and migration into production.
- Conduct post-implementation review of systems to determine whether project deliverables, controls, and requirements are met.
- Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
- Evaluate the effectiveness of IT governance structure and IT organizational structure.
- Evaluate the organization’s management of IT policies and practices.
- Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
- Evaluate IT resource and portfolio management for alignment withthe organization’s strategies and objectives.
- Evaluate the organization’s risk management policies andpractices.
- Evaluate IT management and monitoring of controls.
- Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
- Evaluate whether IT supplier selection and contract management processes align with business requirements.
- Identify opportunities for process improvement in the organization’sIT policies and practices.
- Evaluate potential opportunities and threats associated withemerging technologies, regulations, and industry practices.
- Conduct periodic review of information systems and enterprise architecture.
- Evaluate the information security program to determine itseffectiveness and alignment with the organization’s strategies andobjectives.
- Evaluate whether IT service management practices align withbusiness requirements.
CISA Certification is strongly recommended for Inforamtion System Auditing processes if you as an auditor
- Plan audit to determine whether information systems are protected, controlled, and provide value to the organization.
- Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
- Communicate audit progress, findings, results, andrecommendations to stakeholders.
- Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
- Utilize data analytics tools to streamline audit processes.
- Provide consulting services and guidance to the organization inorder to improve the quality and control of information systems.
WAFW00F is a Python tool to helps in fingerprinting and identifyng Web Application Firewall (WAF) products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out with a normal HTTP response and escalates as necessary.
How does WAFW00F work?
- Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
- If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
- If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
Nmap is a free open source tool which can be used for foot-printing/ reconnaissance to discover hosts and services on a computer network by sending packets and analyzing the retrieved responses. Nmap is a noisy scanner and can be easily detected by firewalls. “The quieter you become, the more you are able to hear”. Thus, as a security analyst, one must learn how to do it quietly and anonymously.
- Nmap can provide information on targets, including reverse DNS names, device types, and MAC addresses.
- Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
- Port scanning – Enumerating the open ports on target hosts.
- OS detection – Determining the operating system and hardware characteristics of network devices.
- Version detection – Interrogating network services on remote devices to determine the application name and version number.
- Scriptable interaction with the target support using the Nmap Scripting Engine (NSE).
Commands of Nmap
Nmap scans against ip or hosts: These commands will help to scan against ip or hostname.
nmap 220.127.116.11 nmap scanme.nmap.org
Nmap ping scans: It helps in detecting hosts on any network, however, in most cases remote hosts block ip-based ping packets, thus ARP-based requests are recommended.
nmap -sp 192.168.5.0/24
Specific ports or entire port range on a remote or local server: This results in the scan for all 65535 ports on localhost computer. Further, specific ports on specific ip or hosts can be scanned using nmap.
nmap -p 1-65535 localhost nmap-p 80, 443 scanme.nmap.org nmap-p 80, 443 18.104.22.168
Scan multiple IP Addresses: Multiple ip or hosts can be scanned or range of hosts, consecutive ip, or entire subnet, or random hosts, or excluding targets
nmap 192.168.0.1 192.168.0.2 nmap -p 192.168.0.1,2,3,4 nmap 192.168.0.1-10 nmap 192.168.0.1/24 nmap -iR 0 nmap 192.168.0.1/24 –exclude 192.168.0.100, 192.168.0.200
Scan popular ports: Specifying 10 limits the popular ports on the host/ip
nmap --top-ports 10 192.168.1.106
ARP Ping: Using traceroute, force reverse DNS resolution, alternative DNS lookup
nmap –traceroute 192.168.0.1 nmap -R 192.168.0.1 nmap –system-dns 192.168.0.1
On Nov 21, 2019, a meeting was held in between Cyber Security Experts from Nepal and Mr. Jeffrey Ringel, Director of Operation, The Soufan Group, New York and team.
The Soufan Group is a global intelligence and security consultancy that helps clients in the public and private sectors enhance their ability to identify, assess, and successfully operate in high-risk, high opportunity environments. They focus on the most important geostrategic challenges of time, addressing existing fault lines and anticipating emerging trend lines. They enable and support informed strategic and tactical decisions that maximize opportunity and minimize risk.
The meeting was carried with discussion on private sector perspective and cases of Cyber Crime such as Ransomware, Sabotage, Hack, Identity Theft, Disinformation etc. Mr. Ringel was kind enough to help us understand the extension of Cyber in to modern disintermediation strategic and tactical threats – disinformation model, indemnification/ quantification, response strategies and counter measures, regulatory/ legislative context. The data privacy perspective plus legislation including General Data Protection Regulation (EU GDPR 2016/679), California Consumer Privacy Act (CCPA 2018).
On Nov 21, 2019, a meeting was held in between John Jay College of Criminal Justice and Cyber Security and Cyber Crime Experts from Nepal. Professor Douglas Salane – Program Director, Professor Shweta Jain – Program Advisor, Digital Forensics and Cyber Security Degree Program briefed about the growing resources needs in US in the field of Cyber Security, Cyber Crime, Digital Forensics.
John Jay College of Criminal Justice meets the challenges of fighting cyber crime by providing professional science education in digital forensic science and cyber security with concern for justice. The Digital Forensics and Cyber Security program offers a Master of Science in Digital Forensics and Cyber Security Degree and two advanced certificate programs. The MSc in Digital Forensics and Cyber Security degree program offers a balance of practice and theory through study in computer sicence, law and criminal justice. The program produces professional qualified as digital forensic scientist who can apply and sustain their expertise as new technological and societal challenges emerge; who understand the scientific, legal and criminal justice context of high technology crime; and who can effectively communicate their knowledge to others.
On Nov 21, 2019, a meeting was held with Mr. Timothy Howard, Co-Chief and Mr. John M. McEnany, Associate US Attorney at United States Attorney’s Office, Southern District of New York for discussion on Cyber Crime and Cyber Security with Cyber Security Experts, Lawyers, Public Attorneys from Nepal.
The United States Attorneys serve as the nation’s principal litigators for the Federal Government under the direction of the US Attorney General of the US Department of Justice. The US Attorneys are the federal prosecutors in Federal Court. The US Attorney’s office prosecutes cases involving violations of federal laws, and represents the interests of the United States Federal Government and its agencies in criminal and civil matters. The Office investigates and prosecutes a broad array of criminal conduct , even when the conduct arises in distant places. Today, the office is only forefront of many important areas of criminal law enfoccement, including terrorism, white collar and cyber crime, mortgage fraud, public corruption, gang violence, organized crime, international narcotics trafficking and civil rights violations. Similarly, the office litigates significant civil cases the Department of Justice handles – from large affirmative civil fraud cases to cases in the environmental, health care, immigration and bankruptcy areas, as well as cases implicating classified information.
The Complex Frauds and Cyber Crime Unit oversees the investigation and prosecution of complex fraud cases involving financial institution fraud, mortgage fraud, health care fraud, and tax fraud, as well as cyber crimes. The unit was created in 2009 to apply renewed focus and additional resources toward addressing the significant threat that complex fraud schemes and cyber crimes pose to the national economy and to the financial health of individuals and their local communities. The unit works in close coordination with the Civil Division’s Civil Frauds Unit and with the Criminal Division’s Money Laundering and Asset Forfeiture Unit, to maximize the recovery of criminal proceeds from complex frauds, and to return the money to victims.