CAT2

The document discusses methods for troubleshooting issues with configuring and testing information security devices like routers and firewalls. Common problems include incorrect wireless security settings, outdated firmware, overheating, blocked MAC addresses, and wireless signal limitations. The document provides steps to resolve these issues and tools for testing devices like show commands, debug commands, ping, and trace route.

Module-3

Device Configuration
Module-3: Device Configuration
• Common issues in installing or configuring
information security devices
• Methods to resolve these issues
• Methods of testing installed/configured
information security devices
Common Router problems and
solutions
1. Correct your Wi-Fi Security Settings
2. Update your Hardware or Firmware
3. Fix Overheating or Overloading
4. Remove MAC Address Restrictions
5. Check Wireless Signal Limitations
Common Router problems and
solutions
1. Correct your Wi-Fi Security Settings
– Network Mode: The router must be allowed to
accommodate all Wi-Fi models used by network
clients. For example, routers designed to run in
802.11g mode only will not support 802.11n or old
802.11b devices. Adjust the router to run in mixed
mode to remedy this kind of network failure.
– Security mode: Most Wi-Fi devices support
several network security protocols (typically different
variations of Wired Equivalent Privacy (WEP) and Wi-
Fi Protected Access (WPA)). All Wi-Fi devices, including
routers belonging to the same local network, must use
the same protection mode.
Common Router problems and
solutions
1. Correct your Wi-Fi Security Settings
– Security key: Wi-Fi security keys are phrases or
sequences of letters and digits. All devices that
enter the network must be configured to use the
Wi-Fi key recognized by the router (or wireless
access point).
Common Router problems and
solutions
2. Update your Hardware or Firmware
– The reason for this step is twofold. You can take
benefit of any additional features and
improvements of the new version of the firmware.
Also, your router will normally receive any critical
security updates.
– Typically, you will have the choice of checking,
evaluating, downloading, and installing the latest
firmware on your router's administration tab. The
exact steps depend on the make and model of
your router, so check the specifics of the router
manufacturer's support site.
Common Router problems and
solutions
3. Fix Overheating or Overloading
– You can set up a different Wi-Fi router or enable the
"Guest Network" option on your router.
– You can also set up a separate Service Set IDentifier
(SSID) and password for your host network to avoid
issues with your main network.
– This segregation would also work with your smart
appliances and secure your key devices from attacks
on the Internet of Things.
– You can also use QoS (Quality of Service). QoS is a
feature on some routers that lets you prioritize traffic
according to the type of data being transmitted.
Common Router problems and
solutions
4. Remove MAC Address Restrictions
– A number of network routers support a function
called MAC address filtering.
– While disabled by default, router administrators
can turn this function on and limit connections to
only those devices by their MAC address number.
– Check the router to ensure that either the MAC
address filtering is off or the MAC address of the
computer is included in the list of allowed
connections.
Common Router problems and
solutions
5. Check Wireless Signal Limitations
– If you have a newer router, check if it supports the
5GHz band. Newer routers typically have dual-
band capabilities.
– By enabling dual bands, you can keep older
devices that only support the slower 802.11g
specification on the 2.4GHz band and newer devices
on the faster 5GHz band.
– Essentially, this is like having two routers in one.
Common Router problems and
solutions
• Basic Faults
- Physical Layer Stuff
- Check the Interfaces
- Ping
- Check the Routing Table
- Is there a Firewall on the Computer?
- Any Access Lists?
- Is the VPN Up?
- Do the Protocols Match?
- Check for Human Error
- Verify Settings
Common Router problems and
solutions
• Physical Layer Stuff:
– Check power issues. Look for power lights, check
plugs, and circuit breakers.
• Check the Interfaces:
– Use the command show ip interface brief or show
ipv6 interface brief to ensure that desired
interfaces are up and configured properly.
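Reading "show ip interface brief" by eye works for a few ports, but a script that flags every interface that is not up/up is what you want when checking many routers. The following Python is an added example and is not part of the slides; the command output it parses is constructed in the IOS format (interface names and addresses are made up), and the expected-interface list is an assumption the caller supplies.

```python
import re

# Constructed sample in the layout of Cisco IOS "show ip interface brief".
# Names and addresses are invented for this example (RFC 5737 ranges).
SAMPLE_OUTPUT = """\
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.0.2.1       YES manual up                    up
GigabitEthernet0/1         unassigned      YES unset  administratively down down
GigabitEthernet0/2         198.51.100.1    YES NVRAM  up                    down
Loopback0                  203.0.113.1     YES manual up                    up
"""

# The Status column may hold two words ("administratively down"), so the
# tail of the line is matched explicitly instead of splitting on whitespace.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<status>up|down|administratively down|deleted)\s+(?P<protocol>up|down)\s*$"
)


def parse_interface_brief(text):
    """Return one dict per interface line; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def find_problem_interfaces(text, expected):
    """Compare the parsed output with the interfaces that should be up/up.

    Returns {interface: reason} for anything missing or not fully operational,
    ordered so the most likely cause (shutdown, physical layer, protocol) is named.
    """
    seen = {r["name"]: r for r in parse_interface_brief(text)}
    problems = {}
    for name in expected:
        r = seen.get(name)
        if r is None:
            problems[name] = "not present in output"
        elif r["status"] == "administratively down":
            problems[name] = "shutdown configured (needs 'no shutdown')"
        elif r["status"] != "up":
            problems[name] = "line status %s (check cable/power)" % r["status"]
        elif r["protocol"] != "up":
            problems[name] = "line up but protocol down (encapsulation/keepalive?)"
        elif r["ip"] == "unassigned":
            problems[name] = "no IP address configured"
    return problems


if __name__ == "__main__":
    wanted = ["GigabitEthernet0/0", "GigabitEthernet0/1", "GigabitEthernet0/2", "Serial0/0"]
    for iface, reason in find_problem_interfaces(SAMPLE_OUTPUT, wanted).items():
        print(f"{iface}: {reason}")
```

Feed it the saved output of the real command (for example from a `show` capture) instead of SAMPLE_OUTPUT; the parser ignores the header line, so the whole capture can be passed in.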
Common Router problems and
solutions
• Ping:
– Use the ping and trace commands to check for
connectivity.
• Check the Routing Table:
– Use the show ip route or show ipv6 route
command to find out what the router knows. Is
there either an explicit route to the remote
network or a gateway of last resort?
Common Router problems and
solutions
• Is there a Firewall on the Computer?
– If the problem involves a computer, check to
ensure that its firewall is not blocking packets.
– Sometimes there are computers at client locations
with firewalls in operation without the client’s
knowledge.
Common Router problems and
solutions
• Any Access Lists?
– If the above steps don’t resolve the issue, check
for access-control lists that block traffic.
– There is an implicit “deny any” at the end of every
access-control list, so even if you don’t see a
statement explicitly denying traffic, it might be
blocked by an implicit “deny any.”
Common Router problems and
solutions
• Is the VPN Up?
– If a VPN is part of the connection, check to ensure
that it is up. Use the show crypto family of
commands to check VPN connections.
– With VPN connections, each end of the
connection must mirror the other.
– For example, even something as seemingly
inconsequential as a different timeout value or a
different key lifetime can prevent a connection.
Common Router problems and
solutions
• Do the Protocols Match?
– If you are trying to gain remote access to a server,
ensure that it supports the protocol you’re
attempting to use.
– For example, if the router hasn’t been configured
to support SSH and you use the default settings in
PuTTY which call for SSH, you won’t be able to
connect.
– Also, some admins change the default port
numbers, so you may expect to use port 22 with
SSH, but the admin may have configured it to use
a non-standard port.
Common Router problems and
solutions
• Check for Human Error:
– User errors can also be the source of problems. Check
to ensure that correct usernames and passwords
are being used, and that you and the admin on the
other end of the connection are using the same
network addresses and matching subnet masks.
• Verify Settings:
– Do not make assumptions. Verify everything!
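Mismatched subnet masks are a classic "human error" case because they fail asymmetrically: one host believes the peer is local and ARPs for it, while the peer believes the first host is remote and sends replies to its gateway. The Python below is an added example, not from the slides; it uses the standard ipaddress module to compare two hosts' settings and the addresses in it are constructed from documentation ranges.

```python
import ipaddress


def check_peers(addr_a, mask_a, addr_b, mask_b):
    """Compare two hosts' address/mask settings.

    Masks may be dotted ("255.255.255.0") or prefix lengths ("24").
    Returns a dict stating whether each side considers the other local.
    """
    a = ipaddress.ip_interface(f"{addr_a}/{mask_a}")
    b = ipaddress.ip_interface(f"{addr_b}/{mask_b}")
    return {
        "network_a": str(a.network),
        "network_b": str(b.network),
        "masks_match": a.network.prefixlen == b.network.prefixlen,
        "a_sees_b_local": b.ip in a.network,
        "b_sees_a_local": a.ip in b.network,
        "consistent": a.network == b.network,
    }


def explain(result):
    """Turn the comparison into the sentence you would put in a ticket."""
    if result["consistent"]:
        return "Both hosts agree they share " + result["network_a"]
    if result["a_sees_b_local"] != result["b_sees_a_local"]:
        return ("Mask mismatch: one side ARPs for the peer directly while the other "
                "sends replies via its default gateway, so traffic works in one "
                "direction at best.")
    return ("Hosts are on different networks (%s vs %s); a router must sit between them."
            % (result["network_a"], result["network_b"]))


if __name__ == "__main__":
    # Constructed case: a /24 on one side, a /25 on the other.
    r = check_peers("192.0.2.10", "255.255.255.0", "192.0.2.200", "255.255.255.128")
    print(r)
    print(explain(r))
```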
Router Troubleshooting Tools
• Using Router Diagnostic Commands
– Cisco routers provide numerous integrated
commands to assist you in monitoring and
troubleshooting your internetwork.
Router Troubleshooting Tools
• Using show Commands
– The show commands are powerful monitoring
and troubleshooting tools.
• Monitor router behaviour during initial installation
• Monitor normal network operation
• Isolate problem interfaces, nodes, media, or
applications
• Determine when a network is congested
• Determine the status of servers, clients, or other
neighbours
Router Troubleshooting Tools
• Using debug Commands
– The debug privileged exec commands can provide
a wealth of information about the traffic being
seen (or not seen) on an interface, error messages
generated by nodes on the network, protocol-
specific diagnostic packets, and other useful
troubleshooting data.
– In many situations, using third-party diagnostic
tools can be more useful and less intrusive than
using debug commands.
Router Troubleshooting Tools
• Using the ping Command
– To check host reachability and network connectivity,
use the ping exec (user) or privileged exec command.
– After you log in to the router or access server, you are
automatically in user exec command mode. The exec
commands available at the user level are a subset of
those available at the privileged level.
– In general, the user exec commands allow you to
connect to remote devices, change terminal settings
on a temporary basis, perform basic tests, and list
system information.
– The ping command can be used to confirm basic
network connectivity on AppleTalk, ISO
Connectionless Network Service (CLNS), IP, Novell,
Apollo, VINES, DECnet, or XNS networks.
Router Troubleshooting Tools
• Using the trace Command
– The trace user exec command discovers the
routes that a router’s packets follow when
traveling to their destinations.
– The trace privileged exec command permits the
supported IP header options to be specified,
allowing the router to perform a more extensive
range of test options.
Module-3

Device Configuration
Troubleshoot Firewall Problems
1) Ping a PC near the device
2) Ping the device
3) Telnet and/or browse to the device
4) Confirm the port configuration of the device
5) Confirm that important IP addresses are not
blocked
6) Trace the route to the device
Troubleshoot Firewall Problems
1) Ping a PC near the device
• A simple ICMP ping to a PC near the device is a
good initial test to determine connectivity status
and network performance issues.
• ICMP ping is an IP-based signal sent from one
device to another.
• If the target device receives the "ping" from the
source device, it will (if configured to do so)
respond to confirm that it is active and connected
to the network.
• It's a simple way of confirming that a device is
online.
Troubleshoot Firewall Problems
1) Ping a PC near the device
• So, if your pings to the PC are not returned, try
pinging the gateway.
• Continue working your way up the network with
your pings to identify the point where they stop.
• Check for firewalls and firewall configurations,
especially those that block UDP, SNMP, pings, or
ports 161 or 162.
• Keep in mind that some networks block all ping
traffic as a security measure.
Troubleshoot Firewall Problems
2) Ping the device
– Next, send another simple ICMP ping to the device to
determine connectivity.
– If pings to the PC in Step 1 were successful, but pings
sent to the device fail, the problem is almost certainly
with your SNMP device.
3) Telnet and/or browse to the device
– If the SNMP device you are testing supports Telnet
connections or Web access, you should attempt to
connect using one of these methods.
– If pings succeed but Telnet and/or browsing is
blocked, this is a very good indication that you have a
firewall issue.
Troubleshoot Firewall Problems
4) Confirm the port configuration of the device
– For additional security, some SNMP devices may use
non-standard ports to obstruct unauthorized SNMP
traffic. If so, make sure that these ports are not
blocked by a firewall and are accepted by the
manager.
– Another potential solution is to reconfigure the device
to use standard ports.
5) Confirm that important IP addresses are not
blocked
– A firewall may simply be blocking the IP address of
your device and/or manager.
– Confirm that these or any other needed IP addresses
are not being blocked.
Troubleshoot Firewall Problems
6) Trace the route to the device
– Tracing the "hops" that network traffic is following to
reach the device can allow you to pinpoint a tricky
firewall issue. A simple trace can be performed from
the Command Prompt of Windows XP:
• Open a Command Prompt in Windows XP.
• Type "tracert", a single space, and the IP address of the
device you are trying to reach (e.g. "tracert
192.168.230.143").
• Press return to start the trace.
• Show the output to your IT department to identify potential
firewall problems.
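Steps 1 to 3 of this ladder are a decision tree: each probe narrows the fault to the path, the device, or a filter in between. The Python below is an added example and not part of the slides. It assumes a neighbouring PC address, the device address and a management port are supplied by the caller (the addresses in the main block are documentation-range placeholders); the ICMP probe shells out to the operating system's ping tool and the port probe is a plain TCP connect.

```python
import platform
import socket
import subprocess


def icmp_reachable(host, timeout=2):
    """Send one ICMP echo request with the OS ping tool; True if answered.

    Some networks drop all ping traffic, so False is not proof the host is down.
    """
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(["ping", count_flag, "1", host],
                                capture_output=True, timeout=timeout + 3)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout.

    A timeout (rather than an immediate refusal) usually points at a filter
    in the path, which is the firewall case in step 3.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(ping_pc, ping_device, mgmt_port_ok):
    """Map the three probe results onto the conclusions of steps 1-3."""
    if not ping_pc:
        return ("path", "No reply from the neighbouring PC: ping the gateway and work "
                        "hop by hop toward the device; look for a firewall dropping ICMP.")
    if not ping_device:
        return ("device", "Neighbour answers but the device does not: the fault is on the "
                          "device itself (power, address, port configuration), not the path.")
    if not mgmt_port_ok:
        return ("firewall", "ICMP reaches the device but the management port does not: a "
                            "firewall or ACL filters that port; confirm the device's port configuration.")
    return ("ok", "Device reachable on ICMP and on its management port.")


def run_checks(neighbour_ip, device_ip, mgmt_port):
    """Run the ladder live; later probes are skipped once an earlier one fails."""
    ping_pc = icmp_reachable(neighbour_ip)
    ping_device = ping_pc and icmp_reachable(device_ip)
    mgmt_ok = ping_device and tcp_reachable(device_ip, mgmt_port)
    return diagnose(ping_pc, ping_device, mgmt_ok)


if __name__ == "__main__":
    # Placeholder addresses (RFC 5737); port 22 assumes SSH management,
    # use 23 or 80 if the device only offers Telnet or a web interface.
    print(run_checks("192.0.2.10", "192.0.2.20", mgmt_port=22))
```

Because the probes are separate functions, the decision logic can be tested without a network, and a traceroute (step 6) can be bolted on as a further probe when `diagnose` returns "path".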
Troubleshooting CISCO IOS Firewall
configurations
• Reverse (Remove) an access list
– Put a "no" in front of the access-group command
in interface configuration mode.
Eg:
int <interface>
no ip access-group # in|out
Troubleshooting CISCO IOS Firewall
configurations
• If too much traffic is denied, study the logic of
your list or try to define an additional broader
list, and then apply it instead.
• Eg:
access-list # permit tcp any any
access-list # permit udp any any
access-list # permit icmp any any
int <interface>
ip access-group # in|out
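Whether a "broader" list really is broader depends on the implicit "deny any" at its end: a list that permits tcp, udp and icmp still silently drops every other IP protocol (for example the ESP packets of an IPsec VPN). The Python below is an added example, not part of the slides: a small evaluator for the numbered-ACL syntax used here (any, host, wildcard-mask address forms; no port matching), with first-match semantics and the unlogged implicit deny. ACL 101 is the list from these slides, ACL 110 reproduces the slides' permit list under a number chosen for the example, and ACL 120 is constructed to show the wildcard form.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    log: bool                    # entry carries the "log" keyword


# Constructed configuration text. ACL 101 is from the slides; 110 and 120 are
# example numbers chosen here.
SAMPLE_CONFIG = """\
access-list 101 deny ip host 171.68.118.100 host 10.31.1.161 log
access-list 101 permit ip any any
access-list 110 permit tcp any any
access-list 110 permit udp any any
access-list 110 permit icmp any any
access-list 120 permit tcp 10.31.1.0 0.0.0.255 host 171.68.118.100
"""


def _parse_addr(tokens):
    """Consume one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    # A Cisco wildcard mask is the bitwise inverse of a subnet mask.
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)


def parse_acl(config_text, number):
    """Collect the entries of numbered ACL `number` in configuration order."""
    entries = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[:2] != ["access-list", str(number)]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        entries.append(AclEntry(action, proto, src, dst, "log" in rest))
    return entries


def evaluate(entries, proto, src_ip, dst_ip):
    """Return (action, entry_number, logged).

    The first matching entry wins. With no match the implicit 'deny any'
    applies, and that implicit deny never produces a log message.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, e in enumerate(entries, start=1):
        if e.proto in ("ip", proto) and s in e.src and d in e.dst:
            return e.action, n, e.log
    return "deny", None, False


if __name__ == "__main__":
    acl110 = parse_acl(SAMPLE_CONFIG, 110)
    # ESP (IPsec) is neither tcp, udp nor icmp: the "broad" list still drops it.
    print(evaluate(acl110, "esp", "10.31.1.161", "171.68.118.100"))
    print(evaluate(parse_acl(SAMPLE_CONFIG, 101), "icmp", "171.68.118.100", "10.31.1.161"))
```

Because the implicit deny is silent, a list whose last explicit line is `deny ip any any log` is much easier to troubleshoot than one that relies on the implicit rule: the log line tells you what was dropped and by which list.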
Troubleshooting CISCO IOS Firewall
configurations
• Command - show ip access-lists
- Shows which access lists are applied and what traffic is denied by
them.
• Command - no ip route-cache
- If the router is not heavily loaded, debugging can be done at
a packet level on the extended or ip inspect access list.
Then in enable (but not config) mode:
term mon
debug ip packet # det
Output:
*Mar 1 04:38:28.078: IP: s=10.31.1.161 (Serial0), d=171.68.118.100 (Ethernet0), g=10.31.1.21, len 100, forward
*Mar 1 04:38:28.086: IP: s=171.68.118.100 (Ethernet0), d=9.9.9.9 (Serial0), g=9.9.9.9, len 100, forward
Troubleshooting CISCO IOS Firewall
configurations
• Extended Access list
access-list 101 deny ip host 171.68.118.100 host 10.31.1.161 log
access-list 101 permit ip any any
- can be used with log options also
Output:
*Mar 1 04:44:19.446: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 171.68.118.100 -> 10.31.1.161 (0/0), 15 packets
*Mar 1 03:27:13.295: %SEC-6-IPACCESSLOGP: list 118 denied tcp 171.68.118.100(0) -> 10.31.1.161(0), 1 packet
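The %SEC-6-IPACCESSLOG messages above are the raw material of a log review: IOS logs the first matching packet and then emits periodic summaries with a packet count, so the counts have to be added up per flow to see what a list is really dropping. The Python below is an added example and not from the slides; the log excerpt it parses is constructed in the format shown above (the addresses are the slides' own, the timestamps, counts and the UDP line are invented).

```python
import re
from collections import defaultdict

# Constructed log excerpt in the %SEC-6-IPACCESSLOG* format shown on the slides.
SAMPLE_LOG = """\
*Mar  1 04:44:19.446: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 171.68.118.100 -> 10.31.1.161 (0/0), 15 packets
*Mar  1 03:27:13.295: %SEC-6-IPACCESSLOGP: list 118 denied tcp 171.68.118.100(0) -> 10.31.1.161(0), 1 packet
*Mar  1 03:32:14.101: %SEC-6-IPACCESSLOGP: list 118 denied tcp 171.68.118.100(0) -> 10.31.1.161(0), 7 packets
*Mar  1 03:33:01.500: %SEC-6-IPACCESSLOGP: list 118 denied udp 171.68.118.100(4500) -> 10.31.1.161(4500), 3 packets
*Mar  1 03:35:00.000: %SYS-5-CONFIG_I: Configured from console by vty0
"""

# LOGP lines carry (port) after each address; LOGDP lines carry (type/code)
# after the destination. Both suffixes are optional in the pattern.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+(?:\.\d+){3})(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\))?, (?P<count>\d+) packets?"
)


def parse_acl_log_line(line):
    """Return a dict for an ACL log line, or None for any other message."""
    # Copied log text sometimes carries a Unicode minus in "->"; normalise it.
    m = ACL_LOG_RE.search(line.replace("\u2212", "-"))
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    return rec


def summarize(log_text):
    """Total the packet counts per (list, action, protocol, src, dst) flow."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_acl_log_line(line)
        if rec:
            key = (rec["acl"], rec["action"], rec["proto"], rec["src"], rec["dst"])
            totals[key] += rec["count"]
    return dict(totals)


def top_denied(log_text, limit=5):
    """Flows with the most denied packets, highest first."""
    denied = [(k, v) for k, v in summarize(log_text).items() if k[1] == "denied"]
    return sorted(denied, key=lambda kv: kv[1], reverse=True)[:limit]


if __name__ == "__main__":
    for (acl, action, proto, src, dst), n in top_denied(SAMPLE_LOG):
        print(f"list {acl}: {action} {proto} {src} -> {dst}: {n} packets")
```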
Configuring IDS
Step 1. Initialization configuration
Step 2. Logging or PostOffice configuration
Step 3. Audit rule configuration and activation
Configuring IDS
Step 1: Initialization Configuration
– Router(config)# ip audit po max-events
#_of_events
– Router(config)# ip audit smtp spam
#_of_recipients
Configuring IDS
Step 1: Initialization Configuration
– The ip audit po max-events command limits the
number of IDS events that the Cisco IOS queues
up to send to a remote device.
– By default, this is 250 events, but this can range
from 1 to 65,535.
– This limit is used to ensure that if a hacker tried to
flood a router with a lot of attacks, the router
would not overload itself in trying to process all of
them.
– Otherwise, this basically would allow the hacker
to create a DoS attack against the router itself.
Configuring IDS
Step 1: Initialization Configuration
– The ip audit smtp spam command is used to limit e-
mail spamming that uses mass mailings.
– With this command, the default number of recipients
allowed in an e-mail message is 250. If an e-mail
message contains more than this value, the router
takes the configured action (I discuss these actions
later in the "Global Policies" and "Specific Policies"
sections).
– The number of recipients can range from 1 to 65,535.
Configuring IDS
Step 2: Logging and PostOffice Configuration
– The Cisco IOS can use two methods when logging
IDS events:
• log the information using syslog or log the information
using an IDS Director.
• Using syslog, the Cisco IOS can log information locally
(the console or the internal buffer) or remotely (a
syslog server).
• If you want to use the syslog method, you must
configure the following IDS statement:
Router(config)# ip audit notify log

• If you are using CiscoWorks VMS with Security
Monitoring Center (MC), you can forward the
router's syslog messages to Security MC, which is
used to centralize the repository and reporting of
alarm information.
Configuring IDS
• When logging informational signatures to the
router's console, you also need to execute the
following command:
Router(config)# logging console info
Configuring IDS
• The second logging option is to log information to
an IDS Director.
Configuring IDS
• The ip audit notify nr-director command enables the
logging of IDS events to an IDS Director product.
• The ip audit po local command specifies the
PostOffice configuration for the router;
• the ip audit po remote command specifies the
configuration for the remote Director device.
Configuring IDS
• With PostOffice, each device needs a unique combination of a
host ID and an organization ID.
• The organization ID is used to group sensors. In smaller
companies, normally only a single organization ID is necessary.
• For enterprise companies, you might have different
organization IDs for each division, allowing for easier
management of your sensor products.
• Within each organization, a device needs a unique host ID.
This concept is similar to IP addressing, in which you have
network numbers and hosts within a network. Both of these
IDs range from 1 to 65,535.
Configuring IDS
• For the ip audit po local command, you must specify the
router's personal ID numbers for the host and organization
values.
• Likewise, you must specify the Director's PostOffice ID
information in the ip audit po remote command.
• However, unlike the router's PostOffice configuration, you
have to tell your router many more things about the remote
Director in the ip audit po remote command.
• After specifying the PostOffice ID of the Director, you need to
specify the IP address of the Director and then the IP address
that the router will use as its source address (an address on
one of its physical or loopback interfaces)
Configuring IDS
Step 3: Audit Rule Configuration and Activation
– When you have defined your logging method, you
are ready to create your IDS auditing rules. Two
sets of commands are used to configure audit
rules: global (default actions) and specific.
– Global Policies
• Global policies are used to take the appropriate actions
for matching on signatures, unless a specific rule
designates otherwise. To create your global policies,
use these two commands:
– Router(config)# ip audit info {action [alarm] [drop] [reset]}
– Router(config)# ip audit attack {action [alarm] [drop] [reset]}
Configuring IDS
• As you can see, the two commands specify actions for
informational and attack signatures. Each has three
possible actions that the router can take:
– alarm: Generate an alarm (log); this is the default
action
– drop: Drop the packet
– reset: For TCP connections, tear down the connection
• These commands need to be configured only if you
want to change the default action (alarm) and you
want the Cisco IOS IDS engine to use the same policy
for all traffic of the same signature category.
Configuring IDS
• Specific Policies
– Besides globally changing the behavior of IDS, you
can create specific IDS auditing policies.
– Typically, you do this if you have two interfaces on
your router (perhaps one connected to the
Internet and the other to a remote site) and you
want to set up different IDS policies (actions to
signature matches) for each interface.
Configuring IDS
• Specific Policies
– Here is the command syntax to set up your
specific IDS auditing policies:
Module-4

Information Security Audit


Preparation
Module-4: Information Security Audit
Preparation
• Nature and scope of information security
audits
• Roles and responsibilities.
• Identify the procedures/guidelines/checklists
• Identify the requirements of information
security Audits and prepare for audits in
advance.
Module-4: Information Security Audit
Preparation
• Security Audit Review -
– Organize data/information required for
information security audits using standard
templates and tools
– Audit tasks, Reviews, Comply with the
organization’s policies, standards, procedures,
guidelines and checklists
– Disaster Recovery Plan
Security diagnostics
• The three main types of security diagnostics:
– Information security audits
– Vulnerability assessments
– Penetration testing
Information System Audit vs Information
Security Audit
• Information System Audit and Information
Security Audit are two tools that are used to
ensure safety and integrity of information and
sensitive data.
Information System Audit vs Information
Security Audit
• Information Systems Audits
– Plan and conduct information systems audits to
evaluate the control environment and internal
controls regarding information technology
governance structure, general and application
controls, system development, backup and
disaster recovery, data integrity,
and system security.
Information System Audit vs Information
Security Audit
• Information security audit
– It is a systematic, measurable technical
assessment of how the
organization's security policy is employed. It is
part of the on-going process of defining and
maintaining effective security policies.
– Security audits provide a fair and measurable way
to examine how secure a site really is.
Information Security Audit
• Computer security auditors work with the full
knowledge and support of the organization, in
order to carry out the audit.
• This usually includes receiving documentation
and access by the organization representative.
• A security analyst may be assigned to support
and facilitate the audit.
Information Security Audit
• Computer security auditors perform their
work through personal interviews, reviewing
policies, vulnerability scans, examination of
operating system settings, analyses of network
shares, and historical data and logs.
Scope of the Audit
• The scope of the audit depends upon:
Information Security Audit
• Purposes of audits:
– Build awareness of current practices and risks
– Reducing risk, by evaluating, planning and
supplementing security efforts
– Strengthening controls including both automated and
human
– Compliance with customer and regulatory
requirements and expectations
– Building awareness and interaction between
technology and business teams
– Improving overall IT governance in the organization
What should be covered in audits?
Constraints of a security audit
• Time constraints
• Third party access constraints
• Business operations continuity constraints
• Scope of audit engagement
• Technology tools constraints
Types of Security Audits
• There are two types of Audit
– Internal Audit
– External Audit
Types of Security Audits
• External audits:
– External audits are commonly conducted by
independent, certified parties in an objective manner.
– They are scoped in advance and ultimately limited to
identifying and reporting any implementation and
control gaps based on stated policies and standards
such as COBIT (Control Objectives for Information
and related Technology).
– Ultimately the objective is to point the client to a
source of accepted principles, sometimes correlated
with current best practices.
Types of Security Audits
• Internal audits:
– Internal audits usually are conducted by experts
linked to the organization, and it involves a
feedback process where the auditor may not only
audit the system but also potentially provide
advice in a limited fashion.
– They differ from the external audit in allowing the
auditor to discuss mitigation strategies with the
owner of the system that is being audited.
Phases of Information Security Audit
1. Pre-audit agreement stage
2. Initiation and Planning stage
3. Data collection and fieldwork (Test phase)
4. Analysis
5. Reporting
6. Follow-through
Phases of Information Security Audit
1. Pre-audit agreement stage
– Agree on scope and objective of the audit.
– Agree on the level of support that will be provided.
– Agree on locations, duration and other parameters of
the audit.
– Agree on financial and other considerations.
Confidentiality agreements and contracting to be
completed at this stage.
– Developing/creating a formal agreement (e.g.,
statement of work, audit memorandum, or
engagement memo) to state the audit objectives,
scope, and audit protocol
Phases of Information Security Audit
2. Initiation and Planning stage
– Conducting a preliminary review of the client’s
environment, mission, operations, policies, and practices.
– Performing risk assessments of client environment, data,
and technology resources.
– Completing research of regulations, industry standards,
practices, and issues.
– Reviewing current policies, controls, operations, and
practices.
– Holding an Entrance Meeting to review the engagement
memo, to request items from the client, schedule client
resources, and to answer client questions.
– This will also include laying out the time line and specific
methods to be used for the various activities.
Phases of Information Security Audit
3. Data collection and fieldwork (Test phase)
– This stage is to accumulate and verify sufficient,
competent, relevant, and useful evidence to reach
a conclusion related to the audit objectives and to
support audit findings and recommendations.
– During this phase, the auditor will conduct
interviews, observe procedures and practices,
perform automated and manual tests, and other
tasks.
– Fieldwork activities may be performed at the
client’s worksite(s) or at remote locations,
depending on the nature of the audit.
Phases of Information Security Audit
4. Analysis
– Analyses are performed after documentation of all
evidence and data, to arrive at the audit findings and
recommendations.
– Any inconsistencies or open issues are addressed at
this time.
– The auditor may remain on-site during this phase to
enable prompt resolution of questions and issues.
– At the end of this phase, the auditor will hold an Exit
Meeting with the client to discuss findings and
recommendations, address client questions, discuss
corrective actions, and resolve any outstanding issues.
– A first draft of the findings and recommendations may
be presented to the client during the exit meeting.
Phases of Information Security Audit
5. Reporting
– Generally, the Information Security Audit Program
will provide a draft audit report after completing
fieldwork and analysis.
– Based on client response if changes are required
to the draft, the auditor may issue a second draft.
– Once the client is satisfied that the terms of the
audit are complied with, the final report will be
issued with the auditor’s findings and
recommendations.
Phases of Information Security Audit
6. Follow-through
– Depending on expectations and agreements the auditor
will evaluate the effectiveness of the corrective action
taken by the client, and, if necessary, advise the client on
alternatives that may be utilized to achieve desired
improvements.
– In larger, more complex audit situations, follow-up may be
repeated several times as additional changes are initiated.
Additional audits may be performed to ensure adequate
implementation of recommendations.
– The level of risk and severity of the control weakness or
vulnerability dictate the time allowed between the
reporting phase and the follow-up phase.
– The follow-up phase may require additional
documentation for the audit client.
Role of an Auditor
• Auditors ask the questions, test the controls,
and determine whether the security policies
are followed in a manner that protects the
assets the controls are intended to secure by
measuring the organization’s activities versus
its security best practices.
Role of an Auditor
• The role of the auditor is to identify, measure,
and report on risk.
• The auditor is not tasked to fix the problem,
but to give a snapshot in time of the
effectiveness of the security program.
• The objective of the auditor is to report on
security weakness.
Role of an Auditor
• The auditor functions as an independent
advisor and inspector.
• The auditor is responsible for planning and
conducting audits in a manner that is fair and
consistent to the people and processes that
are examined.
• The auditing charter or engagement letter
defines the conduct and responsibilities of an
auditor.
Role of an Auditor
• Depending on how a company’s auditing
program is structured, ultimate accountability
for the auditor is usually to senior
management or the Board of Directors.
• Auditors are usually required to present a
report to management about the findings of
the audit and also make recommendations
about how to reduce the risk identified.
Responsibilities of an Auditor
• Plan, execute and lead security audits across
an organization.
• Inspect and evaluate financial and information
systems, management procedures and
security controls.
• Evaluate the efficiency, effectiveness and
compliance of operation processes with
corporate security policies and related
government regulations.
Responsibilities of an Auditor
• Develop and administer risk-focused exams
for IT systems.
• Review or interview personnel to establish
security risks and complications.
• Execute and properly document the audit
process on a variety of computing
environments and computer applications.
• Assess the exposures resulting from
ineffective or missing control practices.
Responsibilities of an Auditor
• Provide a written and verbal report of audit
findings
• Develop rigorous “best practice”
recommendations to improve security on all
levels
• Work with management to ensure security
recommendations comply with company
procedure
• Collaborate with departments to improve
security compliance, manage risk and bolster
effectiveness
Module-4

Information Security Audit


Preparation
Information Security Audit
Methodology
• Need for a Methodology
– Audits need to be planned and have a certain
methodology to cover the total material risks of an
organization.
– A planned methodology is also important as this
clarifies the way forward to all in the organization and
the audit teams.
– Which methodology and technique is used is less
important than having all the participants within the
audit approach the subject in the same manner.
Information Security Audit
Methodology
• Audit methodologies
– There are two primary methods by which audits
are performed.
– Start with the overall view of the corporate
structure and drill down to the minutiae (small);
or begin with a discovery process that builds up a
view of the organization.
Information Security Audit
Methodology
• Audit methodologies
• a. Testing
– Pen tests and other testing methodologies are used to explore
vulnerabilities. In other words, exercising one or more
assessment objects to compare actual and expected
behaviors.
• b. Examination and Review
– This includes reviewing policies, processes, logs, other
documents, practices, briefings, situation handling, etc. In
other words, checking, inspecting, reviewing, observing,
studying, or analyzing assessment objects.
• c. Interviews and Discussion
– This involves group discussions, individual interviews, etc.
Information Security Audit
Methodology
• Auditing techniques:
1. Examination Techniques
2. Target Identification and Analysis Techniques
3. Target Vulnerability Validation Techniques
Information Security Audit
Methodology
• Auditing techniques:
1. Examination Techniques
• Examination techniques, generally conducted manually
to evaluate systems, applications, networks, policies,
and procedures to discover vulnerabilities
• Techniques include
– Documentation review
– Log review
– Rule set and system configuration review
– Network sniffing
– File integrity checking
Information Security Audit
Methodology
• Auditing techniques:
2. Target Identification and Analysis Techniques
• Testing techniques, generally performed using
automated tools used to identify systems, ports,
services, and potential vulnerabilities
• Techniques include
– Network discovery
– Network port and service identification
– Vulnerability scanning
– Wireless scanning
– Application security examination
Information Security Audit
Methodology
• Auditing techniques:
3. Target Vulnerability Validation Techniques
• Testing techniques that corroborate the existence of
vulnerabilities, these may be performed manually or
with automated tools
• Techniques include
– Password cracking
– Penetration testing
– Social engineering
– Application security testing
Audit Process
Auditing Security Practices
• Evaluation against the organization’s own security
policy and security baselines
• Regulatory/industry compliance: Health
Insurance Portability and Accountability Act
(HIPAA), Sarbanes-Oxley Act (SOX), Gramm-
Leach-Bliley Act (GLBA), and Payment Card
Industry (PCI)
• Evaluation against standards such as NIST 800 or
ISO 27002
• Governance frameworks such as COBIT or COSO
Auditing Security Practices
• The following are types of assessments that
might be performed to test security controls:
– Risk assessments
– Policy assessment
– Social engineering
– Security design review
– Security process review
– Interviews
– Observation
– Document review
– Technical review
Checklists and Templates
• It is important to develop and use standard checklists
for audits as this ensures that data is collected in a
uniform manner.
• It also ensures that no data point or activity critical to
be covered is omitted.
• One must ensure the templates and checklists are
agreed upon prior to use and from recognized sources.
• These should be understood commonly by all
participating in the audit.
• It is important that those carrying out the audit
understand the importance of capturing information in
detail.
Information Security Audit
Tasks
• Pre-audit tasks
• Information gathering
• External Security Audit
• Internal Network Security Auditing
• Firewall Security Auditing
• IDS Security Auditing
• Social Engineering Audit
Information Security Audit
Tasks
• Pre-audit tasks
– During this phase, the auditors determine the
main area/s of focus for the audit and any areas
that are explicitly out-of-scope, based normally on
an initial risk-based assessment plus discussion
with those who commissioned the audit.
– Information sources include general research on
the industry and the organization, previous and
perhaps other audit reports, and documents such
as the Statement of Applicability, Risk Treatment
Plan and Security Policy.
Information Security Audit
Tasks
• Pre-audit tasks
– During the pre-audit survey, the ISMS auditors identify
and ideally make contact with the main stakeholders
in the ISMS such as the ISM manager/s, security
architects, ISMS developers, ISMS implementers and
other influential figures such as the CIO and CEO,
taking the opportunity to request pertinent
documentation etc. that will be reviewed during the
audit.
– The organization normally nominates one or more
audit "escorts", individuals who are responsible for
ensuring that the auditors can move freely about the
organization and rapidly find the people, information
etc. necessary to conduct their work, and act as
management liaison points.
Information Security Audit
Tasks
• Information Gathering
– Information gathering is essentially using the
Internet to find all the information you can about
the target (company and/or person) using both
technical (DNS/WHOIS) and non-technical (search
engines, news groups, mailing lists etc.) methods.
Information Security Audit
Tasks
• Information Gathering
– Information gathering does not require that the
assessor establishes contact with the target
system.
– Information is collected (mainly) from public
sources on the Internet and organizations that
hold public information (e.g. tax agencies,
libraries, etc.). The information gathering section of
the penetration test is important for the penetration
tester.
– Assessments are generally limited in time and
resources.
Information Security Audit
Tasks
• Information Gathering
– 1. Spiders, Robots and Crawlers:
• This phase of the Information Gathering process
consists of browsing and capturing resources related to
the application being tested.
– 2. Search Engine Discovery/Reconnaissance:
• Search engines, such as Google, can be used to discover
issues related to the web application structure or error
pages produced by the application that have been
publicly exposed.
Information Security Audit
Tasks
• Information Gathering
– 3. Identify application entry points:
• Enumerating the application and its attack surface is a
key precursor before any attack should commence. This
section will help you identify and map out every area
within the application that should be investigated once
your enumeration and mapping phase has been
completed.
– 4. Testing Web Application Fingerprint:
• Application fingerprint is the first step of the
Information Gathering process; knowing the version
and type of a running web server allows testers to
determine known vulnerabilities and the appropriate
exploits to use during testing.
Information Security Audit
Tasks
• Information Gathering
– 5. Application Discovery:
• Application discovery is an activity oriented to the
identification of the web applications hosted on a web
server/application server.
• This analysis is important because often there is no
direct link connecting the main application backend.
• Discovery analysis can be useful in revealing details
such as web applications used for administrative
purposes.
• In addition, it can reveal old versions of files or artefacts
such as undeleted, obsolete scripts, crafted during the
test/development phase or as the result of
maintenance.
Information Security Audit
Tasks
• Information Gathering
6. Analysis of Error Codes:
– During a penetration test, web applications may divulge
information that is not intended to be seen by an end user.
– Information such as error codes can inform the tester about
technologies and products being used by the application.
Information Security Audit
Tasks
• Information Gathering Methodology
– Phase One
• Network survey
– Phase Two
• OS identification (sometimes referred to as TCP/IP stack
fingerprinting)
– Phase Three
• Port scanning
– Phase Four
• Services identification
Audit Report
• The document report includes:
– Summary of the test execution
– Scope of the project
– Result analysis
– Recommendations
– Appendixes
Audit Report
• The summary should provide a short, high-level
overview of the test.
• It should contain the client’s name, testing firm,
date of test, and so on.
• Information about the targeted systems and
applications.
• End-user test results. Examine all exploits
performed.
• The summary should include details of discovered
vulnerabilities.
Audit Report
• Scope of the project should include the IP
address ranges that are tested and mentioned
in the contract.
– Whether social engineering was employed or not.
– Whether public or private networks were tested or
not.
– Whether Trojans and backdoor software
applications were permitted or not.
Audit Report
• The results analysed should include:
– Domain name and IP address of the host
– TCP and UDP ports
– Description of the service
– Details of the test performed
– Vulnerability analysis
Audit Report
• Recommendations for improving the customer's
security are very important for the report to be
accepted by the customer.
• Appendices should include:
– Contact information
– Screen shots
– Log output
Disaster Recovery Plan
• Disaster recovery plans (DRP) seek to quickly
redirect available resources into restoring data
and information systems following a disaster.
• A disaster can be classified as a sudden event,
including an accident or natural disaster, that
creates wide scoping, detrimental damage.
• In information management, DRPs are considered
a critical subset of an entity's larger business
continuity plan (BCP), which seeks to prepare for,
prevent, and recover from potential threats
affecting an organization.
Disaster Recovery Plan
• While BCPs address all facets of an organization,
DRPs specifically focus on technology.
• DRPs provide instructions to follow when
responding to various disasters, including both
cyber and environment-related events.
• DRPs differ from incident response plans that
focus on information gathering and coordinated
decision making to understand and address a
specific event.
Disaster Recovery Plan
1. Create a disaster recovery team.
2. Identify and assess disaster risks
3. Determine critical applications, documents,
and resources
4. Specify backup and off-site storage
procedures
5. Test and maintain the DRP
Disaster Recovery Plan
1. Create a disaster recovery team.
– The team will be responsible for developing,
implementing, and maintaining the DRP.
– A DRP should identify the team members, define
each member’s responsibilities, and provide their
contact information.
– The DRP should also identify who should be
contacted in the event of a disaster or
emergency.
– All employees should be informed of and
understand the DRP and their responsibility if a
disaster occurs.
Disaster Recovery Plan
2. Identify and assess disaster risks.
– Your disaster recovery team should identify and
assess the risks to your organization.
– This step should include items related to natural
disasters, man-made emergencies, and
technology related incidents.
– This will assist the team in identifying the recovery
strategies and resources required to recover from
disasters within a predetermined and acceptable
timeframe.
Disaster Recovery Plan
3. Determine critical applications, documents, and
resources.
– The organization must evaluate its business processes
to determine which are critical to the operations of
the organization.
– The plan should focus on short-term survivability, such
as generating cash flows and revenues, rather than on
a long-term solution of restoring the organization’s full
functioning capacity.
– However, the organization must recognize that there
are some processes that should not be delayed if
possible.
– One example of a critical process is the processing of
payroll.
Disaster Recovery Plan
4. Specify backup and off-site storage procedures.
– These procedures should identify what to back up, by
whom, how to perform the backup, location of
backup and how frequently backups should occur.
– All critical applications, equipment, and documents
should be backed up.
– Documents that you should consider backing up are
the latest financial statements, tax returns, a current
list of employees and their contact information,
inventory records, customer and vendor listings.
– Critical supplies required for daily operations, such as
checks and purchase orders, as well as a copy of the
DRP, should be stored at an off-site location.
Disaster Recovery Plan
5. Test and maintain the DRP.
– Disaster recovery planning is a continual process
as risks of disasters and emergencies are always
changing.
– It is recommended that the organization routinely
test the DRP to evaluate the procedures
documented in the plan for effectiveness and
appropriateness.
– The recovery team should regularly update the
DRP to accommodate for changes in business
processes, technology, and evolving disaster risks.
QUES)
Consider any two MNC companies, study their procedures and
guidelines related to information security and create a checklist
for the audit task.

1) VISA

SECURITY GUIDELINES:

What is the AIS Program?
The Account Information Security (AIS) Program was introduced by Visa for Latin America and the
Caribbean in the year 2000. The program establishes that all Members (Issuers or Acquirers), Agents,
Merchants, and service providers storing, processing or transmitting cardholder and transaction
information are required to comply with Information Security Standards.
In summary, the AIS Program provides:
Information Security Standards
Criteria to validate compliance
Guides and help tools

Security Standards
In 2004, the AIS Program incorporated the Payment Card Industry Data Security Standard (PCI DSS)
resulting from a cooperative effort between Visa and MasterCard to create common industry security
requirements.
Effective September 7, 2006, the PCI Security Standards Council (SSC) owns, maintains and distributes the
PCI DSS and all its supporting documents. The council was founded by the top 5 payment card companies.
Visa Inc., however, continues to manage all data security compliance enforcement and validation
initiatives.
The standards consist of 12 basic requirements grouped into 6 categories:
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security

What are the steps?

1. Become familiar with PCI Security Standards.
Visa recommends that all organizations participating in the Visa system become thoroughly
familiar with PCI Security Standards. All organizations processing, transmitting or storing
cardholder or transaction information are required to comply with these standards.
2. Contact your Acquirer Bank
The institutions that maintain a direct relationship with Visa (typically Member Banks and
processors) have received precise instructions regarding the AIS program. Merchants and service
providers should contact their bank to receive instructions regarding:
What are the requirements to validate compliance by your organization in accordance with the
Visa LAC AIS Program?
What are the deadlines set by Visa for compliance with AIS Program requirements?
What are the benefits and penalties of the AIS program?
3. Provide proof of compliance upon request
As a result of compliance validation requirements established by the AIS Program and the risk
level represented by your organization, your Acquirer may contact merchants and service
providers to request "Proof of Compliance" with PCI Security Standards.
Compliance validation requirements may include:
On-site audits by an independent Qualified Security Assessor (QSA)
Quarterly network scans
Completing a Self-Assessment Questionnaire
INFORMATION SECURITY AUDIT CHECKLIST
Audit checklist questions Yes/no Comments
1. Do firewalls exist on all Internet or Extranet
connections?
2. Are firewalls used internally to separate
networks of different security levels?
3. Is there a formal procedure for approving all
external connections?
4. Is the use of NAT or PAT implemented into
your environment to hide internal network
from the Internet?
5. Is your firewall and router configured to
conform with documented security standards?
6. Is your firewall’s CPU utilization monitored at
least every 15 minutes?
7. Are available security patches implemented
within 30 days?
8. Are security patches tested before they are
deployed to production systems?
9. Do all system changes go through a formal
change control process?
10. Does your cryptographic solution conform to
applicable international and national standards,
as well as all legal and regulatory controls?
11. Are only crypto devices used that meet the
approval standards and policies of your
organization?
12. Are there documented processes and
procedures in place for encryption keys?
13. Is access to keys restricted to the fewest
number of custodians necessary?
14. Is cardholder information retained when it
is no longer needed for business reasons?
15. Is a quarterly inventory audit performed to
verify if any stored cardholder information
exceeds your retention requirements?
16. Is CVV2 or magnetic stripe data stored in the
database or log files?
17. Are all passwords on network devices and
systems encrypted?
18. Is stored cardholder data encrypted by one
of the following, one-way cipher (hash indexes)
such as SHA-1 (not MD5), Truncation, Simple
ciphers, index tokens and PADS, strong
cryptography such as PGP or Triple-DES with
associated key management processes and
procedures?
19. Is telnet or Rlogin used for remote system
administration?
20. Is externally accessible account data
transmitted in unencrypted format?
21. Is confidential account information
transmitted via unencrypted email format?
22. Is strong cryptography and appropriate key
controls in place to safeguard data during
transmission?
23. Are modems connected to the internal
systems or DMZ systems?
24. Is anti-virus software installed on all servers
and workstations?
25. Have anti-virus signature files been updated
to the latest signature file?
26. Is account information access on a need to
know basis only?
27. Are access control policies in place for data
access privileges to cardholder information?
28. Is firewall administration limited to only the
network security administration staff?
29. Is a unique username and password
required for each non-consumer user that logs
into a system containing cardholder
information?
30. Is at least one of the following methods used
to authenticate all non-consumer users when
accessing cardholder information: unique
username and password, token devices (e.g.,
SecurID, certificates, or public key), or
biometrics?
31. Are non-consumer users required to change
their password every 60 days?
32. Are non-consumer user accounts locked
within 6 invalid login attempts?
33. Are password protected screen savers or
terminal locks used on all critical systems?
34. Are group passwords allowed on critical
systems?
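Checklist items 16 and 18 above ask whether CVV2 or magnetic-stripe data ends up in logs and whether stored PANs are truncated. The following is an added example, not part of the course notes or of Visa's AIS program: a small Python checker that scans constructed log lines for Luhn-valid card numbers and CVV2 fields, and shows the truncated form (first six and last four digits) an auditor would expect to see in their place. The sample log lines and the field names (pan=, card=, cvv2=) are constructed for the example.

```python
"""Added example: a log check for PCI checklist items 16 and 18.

Scans log lines for primary account numbers (PANs), confirms candidates
with the Luhn checksum so ordinary 16-digit IDs are not flagged, looks
for CVV2-style fields written next to them, and produces a sanitised
copy with each PAN truncated to first six / last four digits.
"""
import re

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# A CVV2/CVC2/CID field with a 3- or 4-digit value (field names assumed).
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)

# Constructed sample log lines; the card numbers are public test numbers.
SAMPLE_LOG = [
    "2024-03-01 12:00:01 INFO order=88213 customer=alice amount=19.99",
    "2024-03-01 12:00:02 DEBUG auth request pan=4111 1111 1111 1111 cvv2=123 exp=12/26",
    "2024-03-01 12:00:03 DEBUG gateway resp card=5500000000000004 status=approved",
    "2024-03-01 12:00:04 INFO session=1234567890123456 user=bob",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Truncation as allowed by item 18: keep first six and last four digits."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def find_pans(line: str) -> list[str]:
    """Return Luhn-valid PANs (digits only) found in a log line."""
    found = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def sanitise(line: str) -> str:
    """Replace full PANs with their truncated form and blank CVV values."""
    def pan_repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return truncate_pan(digits)
        return m.group(0)       # not a card number, leave it alone

    line = PAN_RE.sub(pan_repl, line)
    return CVV_RE.sub(lambda m: re.sub(r"\d+$", "***", m.group(0)), line)


def audit_log_lines(lines) -> list[dict]:
    """Return one finding per line that exposes a PAN or a CVV value."""
    findings = []
    for n, line in enumerate(lines, 1):
        pans = find_pans(line)
        has_cvv = bool(CVV_RE.search(line))
        if not pans and not has_cvv:
            continue
        findings.append({
            "line": n,
            "pans": [truncate_pan(p) for p in pans],   # never keep the full PAN
            "cvv_present": has_cvv,
            "sanitised": sanitise(line),
        })
    return findings


if __name__ == "__main__":
    for f in audit_log_lines(SAMPLE_LOG):
        flag = " CVV2 STORED" if f["cvv_present"] else ""
        print(f"line {f['line']}: PANs {f['pans']}{flag}")
        print("  sanitised:", f["sanitised"])
```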

2) IBM

SECURITY GUIDELINES AND STEPS:

1) Data and asset classification and protection:

Assign the appropriate classification and controls to information, data and assets categories.
Apply appropriate access controls to restrict access on a business need-to-know basis.

2) Asset Management:

Register and inventory assets. Establish an acceptable use policy for each asset or group of
assets.

3) Access control:

-Access Control Policy

Establish an Access Control Policy for every application or system that describes how to
manage risks from user account management, access enforcement and monitoring, separation of
duties, and remote access.

-User Access Management

Assign access rights based on a business need-to-know basis. Privileged access should be assigned
carefully and with the least amount of privilege required. Revoke rights when there is no longer a
business need for the employee or contractor to have the access.

-Application and System Access Control

Use secure logon procedures to control access to applications and systems, including multi-factor
authentication.

4) Use of Encryption:

Use encryption based on risk criteria, such as information sensitivity or classification:
● To protect data in transit on public and private networks, and
● How data is stored in applications or systems to mitigate threats.

5) Operations Security:

Maintain operating procedures and make these available to relevant users. Operating procedures
may include:

● Installation and configuration of applications and systems
● Startup and close-down procedures
● Authentication and authorization management
● Maintenance and backup procedures
● Information handling procedures, both automated and manual activities
● Problem determination and handling
● Logging and monitoring
● Communication with support and escalation contacts
● Security incident handling
● Security testing
● Vulnerability and patch management

6) Network Security:

Design and operate networks with the following objectives:

● To limit access to IBM networks to authorize parties.


● To be resilient when confronted with external threats such as intrusion and disruption.
7) Physical and Environmental Security:

Place infrastructure assets in controlled access areas, with the exception of those intended for public
use.
Apply risk-based access controls, which may include locking or guarding areas to:

● Allow access only to authorized individuals
● Maintain physical security during power outages
● Maintain access logging

8) Supplier Management:

Evaluate suppliers based on their ability to meet business and security requirements. The
supplier must demonstrate security and privacy practices, for example, through certifications or
third-party attestations.

9) Security Incidents:

The IBM Cybersecurity Incident Response Team (CSIRT) is an internal team staffed with incident
responders and forensic analysts. In-scope cybersecurity incidents include:

● A potential security breach of data or information technology assets and systems owned or
managed by IBM.
● A potential compromise of client data or information technology assets and systems when the
incident might involve IBM personnel, systems, products, or services.

10) Compliance and Certifications:

IBM's IT security management structure is influenced by several industry security standards
and frameworks such as National Institute of Standards and Technology (NIST) and
International Organization for Standardization (ISO). IBM’s security policy and standards are
reviewed regularly through a combination of frameworks, and assessment activities such as
SOC 1, SOC 2, SOX, FedRAMP, HIPAA, and other internal and external audits, as
appropriate.

11) Security and Use standards for IBM Personnel:

- Security and Use Standards for IBM Personnel
IBM has established security and use standards for IBM personnel and their workstations and mobile
devices used to conduct IBM business or that connect to the IBM internal network. The focus of these
standards is to protect data and information technology assets from loss, modification, or destruction.
IBM’s internal policies summarize the most critical steps employees must take to protect workstations
and mobile devices. Further, the standards outline employee responsibilities for protecting IBM
Confidential information and provide security and appropriate use requirements.
- Physical Security
IBM employees are provided with specific guidance intended to maintain the physical security of their
workstations, mobile devices and work areas, and maintain security while traveling.
- Logical Security
Access management is required to protect information and systems at both individual and role-based
levels. Passwords are expected to be changed regularly and comply with password complexity
standards.
- Safe Use and Education
IBM employees receive guidance and education regarding the safe use of information technology
assets. Further, IBM has implemented annual mandatory IT security education to help employees
understand security risk and comply with IT policies. Employees also receive education on IBM’s
Business Conduct Guidelines (BCGs). The BCGs require that IBM employees conduct business
observing high ethical standards and in accordance with data security and confidentiality policies.
Employees are expected to report illegal or unethical behavior. At the time of being hired and
annually thereafter, IBM employees are required to read and agree to comply with the BCGs as a
condition of employment.
- Incident Reporting
IBM maintains a globally accessible security incident reporting and mitigation system in which IT
security and data incidents are reported. This report initiates a response from a 24x7x365 team of
specifically trained and equipped employees who, working with the business teams and other subject
matter experts as needed, will manage the incident until resolution.

12) Organization and Governance:

IBM has a dedicated CISO whose team is responsible for leading enterprise-wide information
security strategy, policy, standards, architecture, and processes. The CISO is part of IBM’s
Enterprise & Technology Security group, which works across all of the organizations within the
Company to protect IBM, its brand and its clients against cybersecurity risks. Cybersecurity
oversight consists of the Board and Audit Committee each receiving regular updates from
senior management, including the CISO, as well as from cybersecurity experts in areas such
as rapidly evolving cybersecurity threats, cybersecurity technologies and solutions deployed
internally and with IBM clients, major cyber risks areas and policies and procedures to
addresses those risks, and cybersecurity incidents.

Information Security Audit Checklist:

ACCOUNT AND PASSWORD MANAGEMENT Yes/No Comments
Do you have policies and standards covering electronic
authentication, authorization, and access control of
personnel and resources to your information systems,
applications and data?
Do you ensure that only authorized personnel have access
to your computers?
Do you require and enforce appropriate passwords?
Are your passwords secure (not easy to guess, regularly
changed, no use of temporary or default passwords)?
Are your computers set up so others cannot view staff
entering passwords?

CONFIDENTIALITY OF SENSITIVE DATA
Do you classify your data, identifying sensitive data versus
non-sensitive?
Are you exercising responsibilities to protect sensitive data
under your control?
Is the most valuable or sensitive data encrypted?
Do you have a policy for identifying the retention of
information (both hard and soft copies)?
Do you have procedures in place to deal with credit card
information?
Do you have procedures covering the management of
personal private information?
Is there a process for creating retrievable backup and
archival copies of critical information?
Do you have procedures for disposing of waste material?
Is waste paper binned or shredded?
Is your shred bin locked at all times?
Do your policies for disposing of old computer equipment
protect against loss of data (e.g. by reading old disks and
hard drives)?
Do your disposal procedures identify appropriate
technologies and methods for making hardware and
electronic media unusable and inaccessible (such as
shredding CDs and DVDs, electronically wiping drives,
burning tapes, etc.)?

SECURITY AWARENESS AND EDUCATION
Are you providing information about computer security to
your staff?
Do you provide training on a regular recurring basis?
Are employees taught to be alert to possible security
breaches?
Are your employees taught about keeping their passwords
secure?
Are your employees able to identify and protect classified
data, including paper documents, removable media, and
electronic documents?
Does your awareness and education plan teach proper
methods for managing credit card data (PCI standards) and
personal private information (Social Security numbers,
names, addresses, phone numbers, etc.)?
Module 5: Team Work and
Communication
Effective Communication
• Communication
• Any activity that involves exchange of
information between two or more persons to meet
a desired objective is known as communication.
• Types of Communication
1. Verbal Communication
2. Non-Verbal Communication
3. Written Communication
Verbal Communication
• Verbal communication refers to the form of communication in
which the message is transmitted verbally.
• An important aspect of verbal communication is to ensure that
the person who is listening is also on the same page.
• Sometimes what the speaker intends to say is not what the
listener hears.
• Hence, the former has to make sure that he communicates
clearly.
• Some examples of oral communication:
Non-Verbal Communication
• Non-Verbal Communication refers to the form of
communication that does not use any words to
convey the message.
• It uses gestures, posture, body language, expressions
and tone of voice for communicating.
• Some examples of non-verbal communication:
Written Communication
• Written communication is the form of communication
that uses written language, signs or symbols for
communicating.
• Here, the message is influenced by the vocabulary
and grammar used, writing style, precision and clarity
of the language used.
• Some examples of written communication:
Barriers to Effective Communication
• The following are some impediments that can come in
the way of communicating effectively with others:
• Physical barriers-
– When two persons are not present at the same physical
location, communicating with each other becomes difficult.
– However, technology like virtual meeting applications has
made things easier.
• Perceptual barriers-
– When two people have a different perception of the same
thing, communication becomes difficult.
– For example, for somebody in a formal setting, talking
softly would be the norm, whereas for another person,
talking softly could mean the other person is trying to hide
something.
Barriers to Effective Communication
• Emotional barriers-
– Emotions too play a very important role in
communication.
– For somebody, discussing personal issues in the office
may be okay, while another person could consider that
as unacceptable.
• Cultural barriers-
– Given the global nature of workplaces these days,
people from different cultures work together, thereby
leading to cultural misunderstandings.
– For example, in some cultures shaking hands with
female colleagues is acceptable, while in the others, it
may be unacceptable.
Barriers to Effective Communication
• Language barriers-
– When two people who are communicating, do not
know the same language, miscommunication can
happen.
How to Communicate Effectively at
Work
• The following are some ways to communicate
effectively:
• Be clear about what you want to say before
communicating.
• Modify your message according to the recipient, if
required. The background and need of the recipient
should be kept in mind.
• Be careful about the language, tone and content of
the message.
• Take cues from the non-verbal messages that the
receiver may be sending that may help you
understand whether he is getting your message, or
is still interested.
How to Communicate Effectively at
Work
• The message being sent out should be
consistent and not self-contradictory.
• Listen to the other person’s point of view
during a communication.
• Follow-up after the communication to ensure
the message has gone across.
• Choose the medium of communication
carefully.
• Do not let your personal biases creep in.
Email Etiquettes
• Research has found that on average, IT professionals
spend about a quarter of their time at work combing
through the numerous emails and other digital
messages one sends and receives each day.
• In many cases more communication is conducted
through emails, and other digital messaging options like
online discussion forums, WhatsApp, SMS, than
through personal meetings or phones.
• Hence it becomes imperative for a SOC Analyst to be
able to use this mode of communication effectively.
• Here are some considerations that one needs to take care
while communicating through emails or other digital
messaging options:
 Include a subject line that is crisp and clear and matches the
content of the message. Remember, people often decide
whether to open an email based on the subject line.
 Use your official email address/account to conduct all
official messaging. However, if you have to use some other
address/name/account due to pressing reasons, then choose
one that is appropriate for the workplace.
 Avoid using "reply all" unless there is a reason everyone on
the list needs to receive the email. Check before sending the
message that it is being sent to all the people it is meant for,
and there is no-one who will find the message a waste of
their time.
 Use professional salutations.
 Avoid emoticons as far as possible and use exclamation
points sparingly. If you choose to use an exclamation
point, use only one to convey excitement. While
emoticons are fun, you don’t know how the recipient
will take them. It's better to spell it out and write what
you mean.
 Make your message easy to read. Don’t use long
sentences. Use bullets to set off points you want to
make. If the content is important or complex, have
someone you trust read it and tell you where it was
difficult to understand, so that you can correct it.
• Keep it short and get to the point. The long e-mail is a thing
of the past. Write concisely, with lots of white space, so as to
not overwhelm the recipient. Make sure when you look at
what you're sending it doesn't look like a burden to read.
• Do not sound abrupt or harsh. Read your message out loud.
If it sounds harsh to you, it will sound harsher to the reader.
Any emotion passed in a written message will seem
heightened.
• Know that people from different cultures speak and write
differently. Tailor your message depending on the receiver's
cultural background or how well you know them.
• It's better to leave humour out of emails unless you know the
recipient well. Something that you think is funny might not
be funny to someone else.
• Reply to your emails — even if the email wasn't
intended for you. It's difficult to reply to every email
message ever sent to you, but you should try to. Even if
the email was sent accidentally, you can reply informing
the sender, so that it can be sent to the correct
person on time.
• Proofread every message. Don't rely only on spell-
checkers. Read and re-read your email a few times,
preferably aloud, before sending it off.
• Be cautious with colour or all capitals in the message.
They are distracting and may be perceived the wrong way.
Writing in all capitals can convey that you are shouting
in your message, and nobody likes to be yelled at.
• Don't use email to discuss Confidential
Information. Email messages are easy to copy,
print and forward.
• Your e-mail greeting and sign-off should be
consistent with the level of respect and formality
of the person you're communicating with.
• Always include a signature. You never want
someone to have to look up how to get in touch
with you. If you're social media savvy, include all
of your social media information in your signature
as well.
“Remember - Your e-mail is a
reflection of you. Every e-mail you
send adds to, or detracts from your
reputation.”
Working Effectively
• Importance of establishing Good Working Relationships
The following are some benefits of developing productive
relationships with colleagues:
• Getting tasks done gets easier.
• Colleagues are more likely to go along with the changes
that you recommend.
• Instead of spending time and energy on negative
relationships, you can focus on opportunities.
• You can get ideas and feedback from others.
• You can take help in hours of need, if required.
• Your productivity increases.
• Your performance gets appraised better.
• You can learn from others and add to your existing skill-set.
Importance of an environment of trust and mutual respect
• One important aspect of inter-dependence is mutual respect and trust.
This is as true in professional relationships as it is in personal
relationships. It is the former that has to be explained to the students.
• Some of the benefits of an environment of trust and mutual respect are
as follows:
• Getting tasks done gets easier.
• It encourages free flow of ideas.
• It saves time spent in gauging whether the other person is speaking the
truth, or is giving genuine advice.
• Colleagues are more likely to go along with the changes that you
recommend.
• You can take help in hours of need, if required.
• Your productivity increases.
• Your performance gets appraised better.