Identify strategies to control and monitor each event to mitigate risk and minimize exposure
Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.
One type of a security event that might indicate supicious activity is an authentication failures found in audit logs. Audit logs contain a high volume of events so particular attention on which events that should be specifically tracked and managed require consideration. An audit log can identify patterns of activity that can signal a security a potential breach. Whether the attack was successfull or not the audit information should be stored in a central respository for future forensic refernce if ever needed.
Another type of security event or baseline anomalie could be the increased network traffic which could indicate an unauthorized server, software, or potential malware. Shareware installed on a client device is a perfect example where network traffic could increase when downloading electric content onto a corporate network that could potentially be infected with malware. Shareware also opens up the device to sharing its data to the outside world potentially leaking propriatry and confidential data. Monitoring network bandwidth, closing firewall ports, and removing local administrator rights are a few ways to remediate shareware activity.
Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling
Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.
One type of a security event that might indicate supicious activity is an authentication failures found in audit logs. Audit logs contain a high volume of events so particular attention on which events that should be specifically tracked and managed require consideration. An audit log can identify patterns of activity that can signal a security a potential breach. Whether the attack was successfull or not the audit information should be stored in a central respository for future forensic refernce if ever needed.
Another type of security event or baseline anomalie could be the increased network traffic which could indicate an unauthorized server, software, or potential malware. Shareware installed on a client device is a perfect example where network traffic could increase when downloading electric content onto a corporate network that could potentially be infected with malware. Shareware also opens up the device to sharing its data to the outside world potentially leaking propriatry and confidential data. Monitoring network bandwidth, closing firewall ports, and removing local administrator rights are a few ways to remediate shareware activity.
Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling