Cybersecurity: Audit and Accountability
Sam Musa | Cyber Security Adjunct Professor, University of Maryland University College
System and performance monitoring is one way universities can identify security issues. System and performance monitoring examines the computer memory, disk inputs and even the bandwidth being consumed. For example, if an application server is infected with malware, it may make the application response time very slow. Recognizing this kind of performance behaviors may assist security officers in finding problems. Performance baseline is another method that can be used to recognize irregular behaviors that affect a computerās performance. For example, a network monitoring application may indicate a bandwidth usage level at certain hours of the day. If a system administrator notices a spike in network usage at 2:00 AM, it would indicate an abnormal behavior.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can be used to monitor the network and prevent malicious activities. Systems logs can be used to record security notifications and critical messages about the systems applications. Performance logs can also be used to monitor CPU, memory and bandwidth consumption. In addition, access logs, IDS logs, firewall logs, applications logs and anti-virus logs must be analyzed to gather information about a network that has been attacked. College and university leaders must ensure that systems are capable of auditing failed logon, successful logon, and collecting time stamps, source and destination IP addresses, filenames, and access control rules invoked.
If a system doesnāt permit external access and an audit reports that an external IP address gained access to the system, that event must be recorded, and a notification message must be sent to the system administrator immediately for appropriate actions.
Reviewing large amounts of audit information can be an overwhelming task. But there are many log analysis and correlation tools that can be used to assist universities in seeing their true security postures. Splunk, LogRhythm and ArcSight are just a few log analysis tools that can be used to maximize the efficiency of the collected logs.
Ultimately, postsecondary leaders should compare monitoring methodologies, conduct system audits often, and execute proper logging procedures. System baselines may be used to reduce the time needed to analyze security events. While information systems must be audited for suspicious activities, audited events should be also stored for auditing and investigation purposes.
To see the other articles in the Cybersecurity series, please click here.
Author Perspective: Educator
As someone who spent many years as a student, the possibility having my information leaked is pretty scary. The institutions I attended had enough of my personal information that hackers could easily have stolen my identity and wreaked havoc with my finances. I really hope institutions are taking security threats seriously.
Yes Vera; it is scary. It’s not a matter of possibility of having information leaked, but how to contain the security breaches. It is already happening, and every day we hear about data breaches throughout many industries. That is why auditing is one effective method for ensuring accountability and preventing large-scale security breaches. Thank you for Responding Vera.
With the huge increase weāre seeing in online courses and programs, I can only imagine the increase in hacking and security breaches. Who is keeping track of all this stuff? It sounds like institutions are going to need more and more dedicated staff to keep up with the demands of a security system like this article is advocating for. Thatās a lot of resources.
Thank you for your respond Julie. Unfortunately, institutes are going to need more dedicated staff to ensure security of sensitive data. While resources are needed to ensure security, automated tools are widely available to alleviate that staffing dependency.