Auditing and Accountability Flashcards
What is accountability in Information Security?
Ensuring individuals are held responsible for their actions within a system.
What three security mechanisms help enforce accountability?
Identification, authentication, and authorization.
What is nonrepudiation?
Prevents someone from denying their actions due to the presence of evidence.
What are examples of nonrepudiation in cybersecurity?
Network logs, system logs, and digitally signed emails.
How does deterrence improve security?
By setting clear rules and informing users that their activities are being monitored.
What is the difference between an IDS and an IPS?
IDS (Intrusion Detection System): Monitors and alerts.
IPS (Intrusion Prevention System): Takes action to block attacks.
Why is the admissibility of records important in security?
Proper logging ensures security records can be used as legal evidence in investigations.
What is auditing?
A methodical review of an organization’s records to ensure security and compliance.
Why is accurate record-keeping important in auditing?
It ensures logs are reliable and can be used to track security incidents.
What are some things that should be audited?
Access controls (who has access to what)
Password policies (complexity, change frequency)
Software licenses
Internet usage (websites visited, emails, file transfers)
What is the purpose of logging?
Capturing and storing a history of system activities for later review.
What is the difference between logging and auditing?
Logging happens before an audit and records system activities.
Auditing involves reviewing logs and other records for security and compliance.
What is monitoring in cybersecurity?
Observing system activity in real time to detect failures, threats, or resource shortages.
What is a security assessment?
A test that identifies and fixes vulnerabilities before attackers exploit them.
What is a vulnerability assessment?
A process that scans for security weaknesses in a system.
What are some scanning tools used for vulnerability scanning?
Qualys, Nessus, OpenVAS.
What does a vulnerability scanner do?
Scans for open ports, outdated software, and misconfigurations.
What is penetration testing?
A simulated cyberattack that mimics real-world hacking techniques to test security.
What are the key steps of a penetration test?
Information Gathering – Reconnaissance on the target system.
Scanning – Finding vulnerabilities.
Exploitation – Attempting to exploit weaknesses.
Why is auditing software licenses important?
To ensure compliance with licensing agreements and prevent legal issues.
Why is logging critical for forensic investigations?
It provides a historical record of events, which can be used to trace security incidents.
How does accountability impact legal investigations?
Ensures that security logs and records can be used as admissible evidence in court.