Exam 2 (Material from Chapters 9 - 10) Flashcards
A ____ is a crucial type of evaluation to avoid a data breach.
security audit
Auditing a computer system involves checking to see how its operation has met what?
security goals
T/F: Audit tests may be manual or automated.
True
Before you can determine whether something has worked, you must first define how it’s supposed to work. This is known as?
Assessing a system
Security policy should define ______ actions.
acceptable and unacceptable
In this permission level, everything is allowed.
Promiscuous
In this permission level, anything not specifcally prohibited is okay.
Permissive
In this permission level, A reasonable list of things is permitted, and all others are prohibited.
Prudent
In this permission level, very few things are permitted; all others are prohibited and carefully monitored
Paranoid
Explain the difference between SOC 1, SOC 2, and SOC 3 reports.
See Slide 12 from chapter 10
____ is the standard to which a system is compared to determine whether it is securely configured.
Benchmark
Host intrusion detection system (HIDS), System integrity monitoring, and data loss prevention(DLP) is an example of what?
real-time monitoring
Application logging and system logging are examples of what?
non-real time monitoring