5: Auditing Network security controls Flashcards
Auditing architecture
- Architecture diagrams - The IS auditor should obtain and become familiar with high-level and detailed architecture diagrams that show the logical relationships between key network and system features.
- Architecture documents - Visual diagrams are usually accompanied by written documents that describe the purpose of various architectural features.
- Support of business objectives - The IS auditor should determine if the network’s architecture supports key business objectives.
- Compliance with security policy - The IS auditor should determine if the network’s architecture is compliant with the organization’s security policy.
- Comparisons of documented versus actual - The IS auditor should examine several key points in the documented network architecture to see if the network’s configuration actually reflects its documented design. The IS auditor should seek to understand any discrepancies found.
- Change and review process - The IS auditor should determine if the organization has any processes used to identify, review, and approve any network architecture changes, as well as updates to diagrams and documentation.
Auditing Firewalls - Countermeasures
The IS auditor should examine the network architecture (described earlier in this section) and understand the role of firewalls in the network. With this understanding, the auditor should carefully examine network security policies, firewall access control lists, and configurations to determine if the firewalls support the security policy. The auditor should also examine change control records and firewall change records to determine if all firewall changes are approved and applied properly.
Auditing Remote Access
The IS auditor should examine the remote access policy to determine acceptable remote access scenarios. The auditor should then examine remote access servers and some workstations to determine if the remote access infrastructure supports and enforces the policy.
Auditing Wi-Fi Access Points
The IS auditor should determine whether Wi-Fi access points are used and, if so, how they are controlled. The IS auditor should determine whether there are any rogue (unapproved) access points in use and whether the organization routinely scans for them and takes action.