Auditing Flashcards
What is auditing in security?
A technical assessment conducted on apps, systems, or networks.
What type of control is auditing?
A detective control
Note: A detective control is looking to ensure that security measures were implemented correctly or see what went wrong.
What are the two methods of auditing?
Manual and automatic
In a manual audit, what will be reviewed?
Security logs Access Control Lists (ACL's) User Rights/Permissions Group Policies (GPO's) Vulnerability Scans Written Organizational Policies Interviewing Personnel
Note: For exam, consider logs to be apart of auditing because they are frequently tied together inside the auditing concept.
What is automated auditing?
An automated audit is a computer-assisted audit using software tools.
Note about auditing
Auditing is usually conducted with a combination of both automatic and manual auditing