2: Auditing Logical Access Controls Flashcards
Auditing network access
The IS auditor should conduct an independent review of the IT infrastructure to map out the organization’s logical access paths.
The IS auditor should request network architecture and access documentation to compare what was discovered independently against existing documentation. The auditor will need to determine why any discrepancies exist.
Auditing user access controls
- Authentication
- Authentication bypass - see if it is possible for users to bypass authentication.
- Access violations - see if systems and networks have the ability to log access violations.
- User account lockout - see if systems lock out accounts after several failed login attempts.
- IDS & IPS - see if any IDS or IPS is installed that would detect authentication bypass. See if the IDS/IPS are well configured and up to date.
- Dormant accounts - see if there is an automated or manual process to identify dormant accounts.
- Shared accounts -
- Systems accounts - The IS auditor should identify all system-level accounts on networks, systems, and applications.
- Jump servers - The IS auditor should determine who has access to jump servers, whether they can be bypassed, and whether they can be used to exfiltrate data.
Auditing user access provisioning
The IS auditor should identify all user access request processes and determine if these processes are used consistently throughout the organization.
Access approvals
When studying the user access process, the IS auditor needs to determine how requests are approved and by what authority they are approved.
New employee provisioning
The IS auditor should examine the new employee provisioning process to see how a new employee’s user accounts are initially set up.
The IS auditor also needs to determine how initial user credentials are communicated to the new employee and if the method is secure and reasonable.
Segregation of duties (SOD)
The IS auditor should determine if there are privileges within or among applications that would constitute SOD violations. The auditor should determine how violations are managed when they are found.
Access reviews
The IS auditor should determine if there are any periodic access reviews and what aspects of user accounts are reviewed; this may include termination reviews, internal transfer reviews, SOD reviews, and dormant account reviews.