Skip main navigation

Centralized Accounting

In this video, you will learn about centralized accounting.
So, centralized accounting – very helpful. Logs reviewing. How often do we review our logs? Logs are only useful if they are reviewed. If we don’t review the logs, they become useless, in effect. Logs are technically a reactive form of control. If we’re looking at a log, something has already happened, therefore it’s reactive. That’s not to say that they are unhelpful, though. Logs can help us prevent further problems by having alerting attached to the logs.
So if we have, for example, a honeypot, a desirable alerting system in our demilitarized zone, if somebody triggers an alert by trying to access that honeypot system, that will give us an alert that we can use to provide some kind of warning to the security function. Something untoward is happening on our network. Technically, that’s reactive, but it’s reactive at a very, very early stage of an attack. And log aggregation can help protect log integrity. It can also help with the business intelligence aspect of logs. We can start to normalize the data and form analytics on them.
And we can start to correlate different types of data to map trends related to service consumption, system utilization, but also things like, perhaps, incorrect passwords on an Active Directory, service against a particular account, and correlating that to brute force attacks on individual applications or web services. So SIEM systems can consume logs, and they can help with log alerts, and are really big advocates of SIEM systems. There are many, many providers of SIEM systems and they’re all very capable and com– mostly very capable and competent systems. The benefit is that log reviews typically are a manual process, or traditionally were a manual process, and very time intensive, labor intensive. Pouring through log files is slow work.
And typically, that log review process happens on a weekly or monthly basis. A SIEM system, as soon as an event is triggered, can alert you to the fact that an exigent circumstance has occurred. You define something that you want alerting about, and when it happens, the SIEM system tells you about it. So we need to be careful. There’s lots of data. We need to understand what we want from our accounting, how we manage it, and what processes we can use around BI and SIEM systems to support us from a semi-automated or fully automated perspective.

In this video, you will learn about centralized accounting.

Centralized accounting will help you to:

  • log review processes

  • log aggregation

  • improve business intelligence

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education