CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Website Monitoring
Security professionals also often become involved in the ongoing monitoring of websites 
for performance management, troubleshooting, and the identification of potential security 
issues. This type of monitoring comes in two different forms.

Passive monitoring analyzes actual network traffic sent to a website by capturing it 
as it travels over the network or reaches the server. This yields real-world monitoring 
data that gives administrators insight into what is actually happening on a network. 
Real user monitoring (RUM) is a variant of passive monitoring where the monitoring tool 
reassembles the activity of individual users to track their interaction with a website.

Synthetic monitoring (or active monitoring) performs artificial transactions against a 
website to assess performance. This may be as simple as requesting a page from the site 
to determine the response time, or it may execute a complex script designed to identify 
the results of a transaction.

These two techniques are often used in conjunction with each other because they achieve 
different results. Passive monitoring is only able to detect issues after they occur for a real 
user because it is monitoring real user activity. Passive monitoring is particularly useful for 
troubleshooting issues identified by users because it allows the capture of traffic related to 
that issue. Synthetic monitoring may miss issues experienced by real users if they are not 
included in the testing scripts, but it is capable of detecting issues before they actually occur.
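
The following is an added example, not taken from the book. It shows the RUM step of reassembling per-user activity from passively captured requests, then lists the problem pages that a synthetic script would not have exercised. The record format, the session IDs, the 2000 ms slow threshold, and the synthetic path list are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of passively captured requests (hypothetical record format):
# (unix_time, session_id, path, http_status, response_ms)
CAPTURED = [
    (1000, "s1", "/", 200, 120),
    (1001, "s2", "/", 200, 140),
    (1004, "s1", "/login", 200, 310),
    (1009, "s2", "/search", 200, 2600),
    (1012, "s1", "/cart", 200, 180),
    (1020, "s1", "/checkout", 500, 90),
    (1025, "s3", "/", 200, 110),
]

# Paths exercised by the synthetic test script (assumed for this example).
SYNTHETIC_PATHS = {"/", "/login", "/cart"}

def reassemble_sessions(records):
    """RUM step: group captured requests by user session, in time order."""
    sessions = defaultdict(list)
    for ts, sid, path, status, ms in sorted(records):
        sessions[sid].append((ts, path, status, ms))
    return dict(sessions)

def find_issues(sessions, slow_ms=2000):
    """Flag server errors and slow responses, with the user's path up to that point."""
    issues = []
    for sid, events in sessions.items():
        for i, (ts, path, status, ms) in enumerate(events):
            if status >= 500 or ms > slow_ms:
                kind = "error" if status >= 500 else "slow"
                trail = [p for _, p, _, _ in events[: i + 1]]
                issues.append({"session": sid, "path": path, "kind": kind, "trail": trail})
    return issues

def missed_by_synthetic(issues, synthetic_paths):
    """Paths where real users hit problems that no synthetic transaction covers."""
    return sorted({i["path"] for i in issues} - set(synthetic_paths))

if __name__ == "__main__":
    found = find_issues(reassemble_sessions(CAPTURED))
    for issue in found:
        print(issue)
    print("not covered by synthetic script:", missed_by_synthetic(found, SYNTHETIC_PATHS))
```

The trail recorded with each issue is what makes passive data useful for troubleshooting a user-reported problem, and the uncovered paths are candidates for new synthetic transactions.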


Chapter 15: Security Assessment and Testing

Implementing Security Management Processes
In addition to performing assessments and testing, sound information security programs 
also include a variety of management processes designed to oversee the effective operation 
of the information security program. These processes are a critical feedback loop in the 
security assessment process because they provide management oversight and have a deterrent 
effect against the threat of insider attacks.

The security management reviews that fill this need include log reviews, account 
management, backup verification, and key performance and risk indicators. Each of these 
reviews should follow a standardized process that includes management approval at the 
completion of the review.
