
Archive for December, 2013


Mobile computing devices have become a critical tool in today’s networked world, as enterprises and individuals rely on them to remain reachable. Mobile devices have been, and continue to be, a source of security incidents. E-SPIN Group Of Companies would therefore like to share some notes on the Secure Mobile Devices Audit.

First of all, let's get a quick understanding of what a mobile device is:

A “mobile device”, also known as a handheld, is a small, handheld computing device, typically having a display screen with touch input and/or a miniature keyboard. It has an operating system (OS) and can run various types of application software, known as apps.

Mobile Computing Security Audit is a tool and template to be used for the completion of a specific assurance road map process. Mobile devices have been, and continue to be, a source of security incidents. Mobile devices such as smartphones, laptops, personal digital assistants (PDAs) and Universal Serial Bus (USB) memory sticks have increased convenience, as well as productivity, in the workplace. But these benefits are not without risks, such as device loss, malware and external breaches.


As the availability of human resources and systems continues to be critical to society and business operations, it stands to reason that mobile device usage will continue to escalate, as will the features these devices offer. It is therefore imperative that proper risk management be applied, and security controls implemented, to maximize the benefits while minimizing the risks associated with such devices.

Have you carried out a Secure Mobile Device Audit?

If you need further assistance or have an inquiry, feel free to contact us for more details.

E-SPIN SIEM Solution


E-SPIN offers some practical tips on choosing a Security Information and Event Management (SIEM) system solution and addresses the question of whether you need one or an alternative solution.

Enterprises, particularly large enterprises, will have requirements for log management, archiving, correlation, consolidation, and forwarding of security incidents for further security investigation or proactive action.

Before we go further on the subject, let us define some key terms.

Security Information and Event Management (SIEM) is a term for software and product services combining security information management (SIM) and security event management (SEM). In general, a product needs to possess certain key capabilities before we can classify it as a SIEM system solution. The solution must have components or subsystems capable of providing the capabilities listed below:

Data Aggregation: Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

Correlation: looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution.

Alerting: the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues. Alerting can be to a dashboard, or sent via third party channels such as email.

Dashboards: Tools can take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.

Compliance: Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.

Retention: employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long term log data retention is critical in forensic investigations as it is unlikely that discovery of a network breach will be at the time of the breach occurring.

Forensic Analysis: The ability to search across logs on different nodes and time periods based on specific criteria. This mitigates having to aggregate log information in your head or having to search through thousands and thousands of logs.
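As an added illustration (not E-SPIN's code or any SIEM product's), the following sketch shows aggregation, correlation and alerting working together on constructed log lines. The log formats, field names, the five-minute window and the rule name are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two log sources (formats are assumptions).
FIREWALL = [
    "2013-12-02T10:00:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2013-12-02T10:00:09 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2013-12-02T10:03:00 ALLOW src=198.51.100.4 dst=10.0.0.9 dport=443",
]
SSHD = [
    "2013-12-02T10:00:12 sshd Failed password for root from 203.0.113.7",
    "2013-12-02T10:00:15 sshd Failed password for admin from 203.0.113.7",
    "2013-12-02T10:00:20 sshd Failed password for root from 203.0.113.7",
    "2013-12-02T10:20:00 sshd Failed password for bob from 192.0.2.33",
]
FW_RE = re.compile(r"(\S+) (ALLOW|DENY) src=(\S+) dst=\S+ dport=(\d+)")
SSH_RE = re.compile(r"(\S+) sshd Failed password for (\S+) from (\S+)")

def aggregate(firewall_lines, sshd_lines):
    """Data aggregation: normalise both sources into one time-ordered schema."""
    events = []
    for m in filter(None, map(FW_RE.match, firewall_lines)):
        events.append({"ts": datetime.fromisoformat(m[1]), "source": "firewall",
                       "src_ip": m[3], "action": m[2].lower(), "dport": int(m[4])})
    for m in filter(None, map(SSH_RE.match, sshd_lines)):
        events.append({"ts": datetime.fromisoformat(m[1]), "source": "sshd",
                       "src_ip": m[3], "action": "auth_failure", "user": m[2]})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Correlation + alerting: link events sharing src_ip into one alert."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for allow in (e for e in evs if e["action"] == "allow" and e.get("dport") == 22):
            fails = [e for e in evs if e["action"] == "auth_failure"
                     and timedelta(0) <= e["ts"] - allow["ts"] <= window]
            if len(fails) >= threshold:
                alerts.append({"rule": "ssh_failures_after_allow", "src_ip": ip,
                               "failures": len(fails),
                               "users": sorted({f["user"] for f in fails})})
                break  # one alert per source address
    return alerts

if __name__ == "__main__":
    for alert in correlate(aggregate(FIREWALL, SSHD)):
        print("ALERT", alert)
```

Neither source alone raises the alert: the firewall sees a permitted connection and sshd sees isolated failures, and only the shared source address links them.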

In general, every vendor's packaged solution will be good at one particular capability and weak at another. Not every scenario calls for a full-scale, full-suite packaged solution. In some scenarios, you may pick just the components you need, or a low-cost alternative event log management (ELM) solution, to fulfill the operational or regulatory requirement. In other scenarios, it may make sense to subscribe to SIEM-as-a-service rather than own it.

Do you need a SIEM solution?

Not every enterprise or organization requires a full-scale solution; the operational and regulatory requirements of your industry and context may provide some guidance on what is really needed and what is merely a nice-to-have feature.

If you are not sure what you really need and want to discuss it with the solution vendor, please feel free to contact our solution consultants about your requirements.