Chapter 4: Auditing and Accountability Flashcards
trace activities in our environment back to their source
accountability
refers to a situation in which sufficient evidence exists as to prevent an individual form successfully denying that he or she has made a statement, or taken an action
nonrepudiation
primary means to ensure accountability through technical means
auditing
gives us a history of the activities that have taken place in the environment
logging
a subset of auditing and tends to focus on observing information about the environment in question
monitoring
when an audit takes a more active route toward determining whether everything is as it should be and compliant with relevant laws, regulations, or policies
Assessment
uses vulnerability scanning tools in order to locate such vulnerabilities
vulnerability assessments
generally work by scanning the target systems discover which ports are open on them, and then interrogating each open port to find out exactly which service is listening on the port in question.
vulnerability scanning tools like Nessus
a more active method of finding security holes
penetration testing
standards used by credit card industry that lays requirements for vendors to protect customer’s data
Payment Card Industry (PCI) Data Security Standard