3.1 Auditing and Accountability Flashcards
What is the benefit of logging?
Creates a log of actions taken. A record incase someone is not adhering to regulations. important to establishing nonrepudiation.
Discuss the difference between authorization and accountability.
Authorization is determining what an authorized party can do. Accountability is making sure users follow the rules and is responsible for their actions.
Describe nonrepudiation.
Situation where an individual cannot deny they made a statement or took an action because there is enough evidence.
Name five items you might want to audit.
passwords, software licenses, internet usage,
Why is accountability important when dealing with sensitive data?
Need to hold others accountable with my businesses resources or my personnal data - with what they do and how they store that information.
Why might auditing your installed software be a good idea?
To make sure the license is geniune to avoid a fine brought up by a whistleblower trying to fetch 1M.
When dealing with legal or regulatory issues, why do you need accountability?
To ensure people are complying with laws, regulations, and polices that bind it, we use the auditing process.
What is the difference between vulnerability assessment and penetration testing?
vulnerability testing uses a scanning tool to locate a weakness then consults its database of info which can be limited, old. Penetration
takes it further - uses hacker tech, gathers info on environ and users, find security flaws in web-based apps or web connected databases, attack unpatched vulnerabilities in applications.
What impact can accountability have on the admissibility of evidence in court cases?
For evidence to be accepted, you’ll need a solid documented chain of custody. Location of the evidence over time and how it was passed from one person to the next and how it was protected. Accountability methods for evidence collection should create an unbroken chain of custody.
Given an environment containing servers that handle sensitive customer data, some of which are exposed to the internet, would you want to conduct a vulnerability assessment, a penetration test, or both? Why?
Measures put in place to ensure accountability are called what?
auditing
What are some ways to achieve nonrepudiation?
logs, digital forensic examination of the system.
Accountability requires tracing all activities to their sources through what three things?
identification,
authentication, and authorization
______________ enhances security by enabling nonrepudiation, deterring misuse,
detecting intrusions, and preparing legal evidence.
Accountability
Accountability can _________ misconduct by ensuring individuals know they will be
held responsible for their actions
deter; deterrent
- Auditing can detect and prevent logical and physical intrusions using ___and
___systems.
IDS IPS
Define Auditing.
methodical examination and review of organizations records.
Logging and Monitoring are ______ measures.
reactive
What are tests that find and fix vulnerabilities before an attacker does called?
assessment.
___________ helps detect undesirable conditions or patterns, often based on data
from logs or other systems.
Monitoring
____________assessments scan for weaknesses, while _________ testing mimics
attacks to exploit vulnerabilities
Vulnerability; penetration
Auditing helps organizations do what?
3 things
1- hold people accountable
2- prevent threats
3 - ensure compliance with laws and regulations.
Which tool is used for vulnerability assessment?
Qualys
Which standards apply to any financial entity policies?
Gramm-Leech-Bliley
