Domain 6: Security Operations Flashcards
Artifact
A piece of evidence, such as text or a reference to a resource, that is submitted to support a response to a question.
Assessment
The testing or evaluation of the controls in an information system or an organization to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security or privacy requirements for the system or the organization.
Audit/Auditing
The process of reviewing a system for compliance against a standard or baseline. Examples include audits of security controls, configuration baselines, and financial records. Can be formal and independent, or informal using internal staff.
Compliance Calendar
Compliance Calendar
A calendar that tracks an organization’s audits, assessment, required filings, their due dates, and related details.
Findings
Assessment results produced by the application of an assessment procedure to a security control or control enhancement to achieve an assessment objective.
Judgmental Sampling
Also called purposive sampling or authoritative sampling, and is a non-probability sampling technique in which the sample members are chosen only on the basis of the researcher’s knowledge and judgment.
Misuse Case Testing
Testing strategy and technique from the point of view of an actor hostile to the system, using deliberately chosen sets of actions, which could lead to systems integrity failures, malfunctions, or other security or safety compromises.
Statistical Sampling
Statistical sampling is the process of selecting subsets of examples from a population with the objective of estimating properties of the total population.
Substantive Test
The testing technique used by an auditor to obtain the audit evidence in order to support auditor opinion.
Testing
The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior.
