BrightTalk – Detecting dangerous user behavior: Use cases from SANS & LogRhythm 3.3 3.3.2 Audit and Accountability
This webinar covers uses cases that support automating the detection of dangerous user behavior.
SEARCH RESULTS
Carnegie Mellon University – Best Practices for NTP Services 3.3 3.3.7 Audit and Accountability
This article talks about how NTP works, NTP vulnerabilities, and best practices; configuration of the NTP server.
Cisco – Network Time Protocol: Best Practices White Paper 3.3 3.3.7 Audit and Accountability
This is a whitepaper from Cisco on the NTP Protocol.
DNSstuff – 10 Best Free and Open-Source SIEM Tools 3.3 3.3.5 Audit and Accountability
This article lists Security Information and Event Management (SIEM) tools that provide log analysis and correlation of events. Caveat: Open source may be sufficient for some small companies but do not provide support and may offer only a limited feature set. Most of these open source solutions offer a paid option as well. If you try it and like it, upgrading to the paid option to gain support and features is easy.
DNSstuff – Log Management Tools 3.3 3.3.5 3.3.6 Audit and Accountability csc6
This link provides a list of no or low cost log management tools.
Environmental Protection Agency – Audit and Accountability Procedure 3.3 3.3.4 Audit and Accountability
This example procedure from the EPA shows how they iplement the security control requirements for the Audit and Accountability (AU) control family, as identified in NIST SP 800-53.
Gartner – Insider Risk Management Solutions Reviews and Rankings 3.3 3.3.2 Audit and Accountability
Gartner defines insider risk management (IRM) as the tools and capabilities to measure, detect and contain undesirable behavior of trusted accounts within the organization. In response to a recognized need to minimize the effects of unwanted activity within the organization and key partners, security and risk management leaders have to mitigate risk. This market consists of tools and solutions to monitor the behavior of employees, service partners and key suppliers working inside the organization, and to evaluate whether behavior falls within expectations of role and corporate risk tolerance. Insider risk may involve errors, fraud, theft of confidential or commercially valuable information, or the sabotage of computer systems.
Internet Engineering Task Force – Network Time Protocol Best Current Practices 3.3 3.3.7 Audit and Accountability
This is Internet Engineering task force’s updated best practices for Network Time Protocol.
Kroll – It’s Not If But When: How to Build Your Cyber Incident Response Plan 3.3 3.3.5 3.6 3.6.1 3.6.2 Audit and Accountability csc19 Incident Response
In this article, Kroll provides a high-level view of how to build an IRP and the types of questions you will want to address as you begin planning.
log.io – The Complete Guide to the ELK Stack 3.3 3.3.4 Audit and Accountability
This is an article from logz.io that speaks to defining the elk stack, the importance, installation and configuration of it.