(ISC)2 CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

The Role of Monitoring

Monitoring provides several benefits for an organization, including increasing accountability, helping with investigations, and basic troubleshooting. The following sections describe these benefits in more depth.

Audit Trails

Audit trails are records created when information about events and occurrences is stored in one or more databases or log files. They provide a record of system activity and can reconstruct activity leading up to and during security events. Security professionals extract information about an incident from an audit trail to prove or disprove culpability, and much more. Audit trails allow security professionals to examine and trace events in forward or reverse order. This flexibility helps when tracking down problems, performance issues, attacks, intrusions, security breaches, coding errors, and other potential policy violations.

Audit trails provide a comprehensive record of system activity and can help detect a wide variety of security violations, software flaws, and performance problems.

Using audit trails is a passive form of detective security control. They serve as a deterrent in the same manner that closed circuit television (CCTV) or security guards do. If personnel know they are being watched and their activities are being recorded, they are less likely to engage in illegal, unauthorized, or malicious activity—at least in theory. Some criminals are too careless or clueless for this to apply consistently. However, more and more advanced attackers take the time to locate and delete logs that might have recorded their activity. This has become a standard practice with many advanced persistent threats.

Audit trails are also essential as evidence in the prosecution of criminals. They provide a before-and-after picture of the state of resources, systems, and assets. This in turn helps to determine whether a change or alteration is the result of an action by a user, the operating system (OS), or the software, or whether it’s caused by some other source, such as hardware failure. Because data in audit trails can be so valuable, it is important to ensure that the logs are protected to prevent modification or deletion.
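
One way to make modification or deletion of audit trail records detectable, shown as an added example that is not part of the original text: each record carries an HMAC that also covers the previous record's HMAC. The key, the separately stored head value, the function names and the sample events are assumptions constructed for illustration; the chain detects tampering and complements access controls on the log rather than replacing them.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value before the first record
SAMPLE_EVENTS = [  # constructed sample events, not taken from the page
    {"ts": "2024-01-10T10:00:00Z", "user": "alice", "action": "login"},
    {"ts": "2024-01-10T10:05:00Z", "user": "alice", "action": "read payroll.db"},
    {"ts": "2024-01-10T10:09:00Z", "user": "alice", "action": "logout"},
]

def _mac(key, prev, event):
    # The MAC covers the previous record's MAC, so each record commits to its history.
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append(trail, key, event):
    """Append an event dict to the trail and return the new head MAC."""
    prev = trail[-1]["mac"] if trail else GENESIS
    trail.append({"event": event, "prev": prev, "mac": _mac(key, prev, event)})
    return trail[-1]["mac"]

def verify(trail, key, expected_head=None):
    """Return (ok, reason); expected_head is the last MAC, kept off the log host."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        if rec["prev"] != prev:
            return False, f"record {i}: chain broken (record removed or reordered)"
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, rec["event"])):
            return False, f"record {i}: content modified"
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, "trail truncated or replaced (head mismatch)"
    return True, "ok"

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is not stored with the log
    trail, head = [], GENESIS
    for ev in SAMPLE_EVENTS:
        head = append(trail, key, ev)
    edited = copy.deepcopy(trail)
    edited[1]["event"]["action"] = "read public.txt"  # simulate an in-place edit
    return {
        "intact": verify(trail, key, head),
        "edited": verify(edited, key, head),
        "middle_deleted": verify(trail[:1] + trail[2:], key, head),
        "tail_deleted": verify(trail[:2], key, head),
    }
```

Deleting the newest records leaves a chain that is internally consistent, which is why the head value has to be recorded somewhere the log's own host cannot rewrite.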


Logging, Monitoring, and Auditing 
