CISSP® Official Study Guide, Eighth Edition


Understand how to maintain accountability



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Understand how to maintain accountability. Accountability is maintained for individual subjects through the use of auditing. Logs record user activities and users can be held accountable for their logged actions. This directly promotes good user behavior and compliance with the organization’s security policy.

Understand the importance of security audits and reviews. Security audits and reviews help ensure that management programs are effective and being followed. They are commonly associated with account management practices to prevent violations with least privilege or need-to-know principles. However, they can also be performed to oversee patch management, vulnerability management, change management, and configuration management programs.


Understand auditing and the need for frequent security audits. Auditing is a methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes. Secure IT environments rely heavily on auditing. Overall, auditing serves as a primary type of detective control used within a secure environment. The frequency of an IT infrastructure security audit or security review is based on risk. An organization determines whether sufficient risk exists to warrant the expense and interruption of a security audit. The degree of risk also affects how often an audit is performed. It is important to clearly define and adhere to the frequency of audit reviews.

Understand that auditing is an aspect of due care. Security audits and effectiveness reviews are key elements in displaying due care. Senior management must enforce compliance with regular periodic security reviews, or they will likely be held accountable and liable for any asset losses that occur.
