3.1 Auditing and Accountability Flashcards
What is the benefit of logging?
Creates a log of actions taken. A record incase someone is not adhering to regulations. important to establishing nonrepudiation.
Discuss the difference between authorization and accountability.
Authorization is determining what an authorized party can do. Accountability is making sure users follow the rules and is responsible for their actions.
Describe nonrepudiation.
Situation where an individual cannot deny they made a statement or took an action because there is enough evidence.
Name five items you might want to audit.
passwords, software licenses, internet usage,
Why is accountability important when dealing with sensitive data?
Need to hold others accountable with my businesses resources or my personnal data - with what they do and how they store that information.
Why might auditing your installed software be a good idea?
To make sure the license is geniune to avoid a fine brought up by a whistleblower trying to fetch 1M.
When dealing with legal or regulatory issues, why do you need accountability?
To ensure people are complying with laws, regulations, and polices that bind it, we use the auditing process.
What is the difference between vulnerability assessment and penetration testing?
vulnerability testing uses a scanning tool to locate a weakness then consults its database of info which can be limited, old. Penetration
takes it further - uses hacker tech, gathers info on environ and users, find security flaws in web-based apps or web connected databases, attack unpatched vulnerabilities in applications.
What impact can accountability have on the admissibility of evidence in court cases?
For evidence to be accepted, you’ll need a solid documented chain of custody. Location of the evidence over time and how it was passed from one person to the next and how it was protected. Accountability methods for evidence collection should create an unbroken chain of custody.
Given an environment containing servers that handle sensitive customer data, some of which are exposed to the internet, would you want to conduct a vulnerability assessment, a penetration test, or both? Why?
Measures put in place to ensure accountability are called what?
auditing
What are some ways to achieve nonrepudiation?
logs, digital forensic examination of the system.
Accountability requires tracing all activities to their sources through what three things?
identification,
authentication, and authorization
______________ enhances security by enabling nonrepudiation, deterring misuse,
detecting intrusions, and preparing legal evidence.
Accountability
Accountability can _________ misconduct by ensuring individuals know they will be
held responsible for their actions
deter; deterrent
