CISSP® Official Study Guide, Eighth Edition


Auditing to Assess Effectiveness
Related: (CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide - Sybex (2018)

Many organizations have strong, effective security policies in place. However, just because the policies are in place doesn't mean that personnel know about them or follow them. Many times, an organization will want to assess the effectiveness of its security policies and related access controls by auditing the environment.

784 Chapter 17: Preventing and Responding to Incidents

Auditing is a methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or crimes. It verifies that the security mechanisms deployed in an environment are providing adequate security for the environment. The test process ensures that personnel are following the requirements dictated by the security policy or other regulations, and that no significant holes or weaknesses exist in deployed security solutions.
Auditors are responsible for testing and verifying that processes and procedures are in place to implement security policies or regulations, and that they are adequate to meet the organization's security requirements. They also verify that personnel are following these processes and procedures. In other words, auditors perform the auditing.
Auditing and Auditing
The term auditing has two distinct meanings within the context of IT security, so it's important to recognize the differences.
First, auditing refers to the use of audit logs and monitoring tools to track activity. For example, audit logs can record when any user accesses a file and document exactly what the user did with the file and when.
Second, auditing also refers to an inspection or evaluation. Specifically, an audit is an inspection or evaluation of a specific process or result to determine whether an organization is following specific rules or guidelines.
These rules may be from the organization's security policy or a result of external laws and regulations. For example, a security policy may dictate that inactive accounts should be disabled as soon as possible after an employee is terminated. An audit can check for inactive accounts and even verify the exact time accounts were disabled and match this to the time of a terminated employee's exit interview. Inspection audits can be done internally or by an external auditor, and they will often use the logs created from auditing and monitoring as part of the evaluation process.
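A worked version of that termination check, added here as an example and not taken from the Study Guide: it compares constructed HR exit-interview times against constructed audit-log "AccountDisabled" events under an assumed 24-hour policy, and flags accounts that were never disabled, disabled late, or disabled with no matching HR record. The log format, user names, and timestamps are all hypothetical.

```python
from datetime import datetime, timedelta

# Assumed policy: an account must be disabled within 24 hours of the exit interview.
SLA = timedelta(hours=24)

# Constructed sample data (hypothetical users and timestamps).
HR_TERMINATIONS = {            # account -> exit-interview time from HR
    "jdoe":   "2023-04-03T15:30:00",
    "asmith": "2023-04-04T10:00:00",
    "bwong":  "2023-04-05T09:15:00",
}
AUDIT_LOG = [                  # constructed "timestamp key=value ..." entries
    "2023-04-03T16:05:00 Account=jdoe Action=AccountDisabled Actor=helpdesk1",
    "2023-04-03T16:06:00 Account=jdoe Action=PasswordReset Actor=helpdesk1",
    "2023-04-07T11:40:00 Account=asmith Action=AccountDisabled Actor=helpdesk2",
    "2023-04-05T09:00:00 Account=ghost Action=AccountDisabled Actor=helpdesk1",
]

def disable_times(log_lines):
    """Map each account to the earliest AccountDisabled event in the log."""
    disabled = {}
    for line in log_lines:
        ts, _, rest = line.partition(" ")
        fields = dict(kv.split("=", 1) for kv in rest.split())
        if fields.get("Action") != "AccountDisabled":
            continue
        when = datetime.fromisoformat(ts)
        acct = fields["Account"]
        if acct not in disabled or when < disabled[acct]:
            disabled[acct] = when
    return disabled

def audit_terminations(terminations, log_lines, sla=SLA):
    """Compare exit-interview times with disable events; return {account: (status, hours)}."""
    disabled = disable_times(log_lines)
    findings = {}
    for acct, exit_ts in terminations.items():
        if acct not in disabled:
            findings[acct] = ("NOT_DISABLED", None)      # policy violation
            continue
        delay = disabled[acct] - datetime.fromisoformat(exit_ts)
        hours = round(delay.total_seconds() / 3600, 2)
        findings[acct] = ("LATE" if delay > sla else "COMPLIANT", hours)
    # Disable events with no HR termination record also need an explanation.
    for acct in disabled.keys() - terminations.keys():
        findings[acct] = ("NO_HR_RECORD", None)
    return findings

if __name__ == "__main__":
    for acct, (status, hours) in sorted(audit_terminations(HR_TERMINATIONS, AUDIT_LOG).items()):
        print(f"{acct:8} {status:14} {'' if hours is None else f'{hours} h'}")
```

In practice the two inputs come from different owners (HR and the identity team), which is what makes the cross-check meaningful: neither side alone can show the policy was followed.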