Does Your Financial Institution need an
affordable Internet security audit?
Yennik, Inc. has clients in 42 states
that rely on
our penetration testing audits
to ensure proper Internet security settings and
meet the independent diagnostic test requirements of
FDIC, OCC, OTS, FRB, and NCUA, which provides compliance with
Gramm-Leach-Bliley Act 501(b).
The penetration audit and Internet security testing is an
affordable, sophisticated process that goes far beyond the simple
scanning of ports. The audit
a hacker's perspective, which will help
you identify real-world weaknesses.
For more information, give R. Kinney Williams a call today at
806-798-7119 or visit
Spending less than 5 minutes a week along
with a cup of coffee, you can monitor your IT security as
required by the FFIEC's "Interagency Guidelines Establishing
Information Security Standards."
information and to subscribe visit
REMINDER - The ISACA Information Security and
Risk Management Conference is being held September 13-15, 2010
in Las Vegas, Nevada. This is a great conference that I highly
recommend. For more information and to register, please go to
I will be there and look forward to meeting you.
- PCI Council unveils expected changes for DSS guidelines - The PCI
Security Standards Council this week unveiled a summary of changes
expected to appear in the upcoming release of a new version of its
payment security guidelines.
FYI - Security perspectives on
call center ID theft risks - How big do your call center employees
factor into identity theft risk assessment? Considering that often
the weapon of choice may be a notepad and a pencil, this
hard-to-track insider threat has become even more complicated by the
recent decade's globalization for cost savings.
FYI - Malicious widget hacked
millions of Web sites - Parked sites hosted by Network Solutions
spread malware since at least May - As many as five million Web
sites hosted by Network Solutions have been serving up malware,
probably for several months, a security expert said.
FYI - RIM to give India
partial access - Research In Motion (RIM) remained silent over
reports that it will give Indian authorities access to messages sent
over its systems.
FYI - College officials wary
of ‘cyber insurance’ for private data - Officials at both of Hidalgo
County’s public institutions of higher learning said they would
rather rely on preventive measures than buy costly “cyber insurance”
to protect against threats to their data security.
FYI - GAO - Critical
Infrastructure Protection: Key Private and Public Cyber Expectations
Need to Be Consistently Addressed
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
FYI - Russian charged with
selling credit card numbers online - A Russian man accused of
selling stolen credit card numbers online for nearly a decade has
been arrested in Nice, France, and faces charges in an indictment
unsealed Wednesday, the U.S. Department of Justice said.
FYI - Zeus botnet raid on UK
bank accounts under the spotlight - More details of sophisticated
cyber-blag emerge - More details have emerged of how security
researchers tracked down a Zeus-based botnet that raided more than
$1m from 3,000 compromised UK online banking accounts.
FYI - German Men Arrested in
Pattaya over Internet Banking Theft - Two young German nationals
have been arrested in Pattaya on Monday after allegedly hacking the
bank accounts of a Royal Military Academy lecturer. The two men
were found to have stolen approximately Bt700,000 from the victim
using information logging viruses.
FYI - Heartland denies systems
involved in new data breach - Austin police says hackers broke into
a network connecting restaurant with payment processor - Heartland
Payment Systems, which last year suffered the largest ever data
breach involving payment card data, is downplaying reports out of
Austin, Texas linking the payment processor to a data breach at a
local restaurant chain.
FYI - Personal data of
unemployed Oregon residents, psychology patients stolen - Two Oregon
car burglaries in the past week have resulted in the loss of the
personal information of thousands of Portland, Ore. psychology
patients and unemployed state residents.
INFORMATION TECHNOLOGY SECURITY
- We continue the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 18 - AUDIT TRAILS
18.1 Benefits and Objectives
18.1.2 Reconstruction of Events
Audit trails can also be used to reconstruct events after a problem
has occurred. Damage can be more easily assessed by reviewing audit
trails of system activity to pinpoint how, when, and why normal
operations ceased. Audit trail analysis can often distinguish
between operator-induced errors (during which the system may have
performed exactly as instructed) or system-created errors (e.g.,
arising from a poorly tested piece of replacement code). If, for
example, a system fails or the integrity of a file (either program
or data) is questioned, an analysis of the audit trail can
reconstruct the series of steps taken by the system, the users, and
the application. Knowledge of the conditions that existed at the
time of, for example, a system crash, can be useful in avoiding
future outages. Additionally, if a technical problem occurs (e.g.,
the corruption of a data file) audit trails can aid in the recovery
process (e.g., by using the record of changes made to reconstruct
18.1.3 Intrusion Detection
Intrusion detection refers to the process of identifying
attempts to penetrate a system and gain unauthorized access.
If audit trails have been designed and implemented to record
appropriate information, they can assist in intrusion detection.
Although normally thought of as a real-time effort, intrusions can
be detected in real time, by examining audit records as they are
created (or through the use of other kinds of warning
flags/notices), or after the fact (e.g., by examining audit records
in a batch process).
Real-time intrusion detection is primarily aimed at outsiders
attempting to gain unauthorized access to the system. It may also be
used to detect changes in the system's performance indicative of,
for example, a virus or worm attack. There may be difficulties in
implementing real-time auditing, including unacceptable system
After-the-fact identification may indicate that unauthorized access
was attempted (or was successful). Attention can then be given to
damage assessment or reviewing controls that were attacked.
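
The after-the-fact (batch) review described in 18.1.3, as an added example that is not part of the NIST Handbook or this newsletter: it reads login audit records and reports whether a burst of failed logins was only attempted or was followed by a success. The record layout, the sample records, and the THRESHOLD and WINDOW values are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records: timestamp, user, source, event, outcome.
AUDIT_LOG = """\
2010-08-30T02:11:04 jsmith 10.0.0.5 login FAIL
2010-08-30T02:11:09 jsmith 10.0.0.5 login FAIL
2010-08-30T02:11:15 jsmith 10.0.0.5 login FAIL
2010-08-30T02:11:22 jsmith 10.0.0.5 login OK
2010-08-30T08:30:00 mlee 10.0.0.9 login FAIL
2010-08-30T08:30:20 mlee 10.0.0.9 login OK
2010-08-30T09:00:00 admin 10.0.0.7 login FAIL
2010-08-30T09:00:03 admin 10.0.0.7 login FAIL
2010-08-30T09:00:07 admin 10.0.0.7 login FAIL
corrupted-record
"""

THRESHOLD = 3                      # assumed: failures that make a burst
WINDOW = timedelta(minutes=5)      # assumed: time span for a burst

def parse(log_text):
    """Yield (time, user, source, outcome) for well-formed login records."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "login":
            continue               # skip records we cannot interpret
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue               # skip records with an unreadable timestamp
        yield ts, parts[1], parts[2], parts[4]

def review(log_text):
    """Return findings as (user, source, 'ATTEMPTED' | 'SUCCESSFUL')."""
    recent = defaultdict(list)     # (user, source) -> recent failure times
    findings = {}
    for ts, user, src, outcome in sorted(parse(log_text)):
        key = (user, src)
        recent[key] = [t for t in recent[key] if ts - t <= WINDOW]
        if outcome == "FAIL":
            recent[key].append(ts)
            if len(recent[key]) >= THRESHOLD:
                findings.setdefault(key, "ATTEMPTED")
        elif outcome == "OK":
            if len(recent[key]) >= THRESHOLD:
                findings[key] = "SUCCESSFUL"   # burst ended in a login
            recent[key].clear()
    return sorted((u, s, status) for (u, s), status in findings.items())
```

Calling review(AUDIT_LOG) returns one finding per user and source; a single mistyped password followed by a successful login, as in the mlee records, produces none.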