ISC2 - Study Notes 1 Flashcards
You can also use audit logging for system integrity. An audit log tracks changes to a resource, including what was changed, who changed it, and when. A set of one or more audit logs creates an audit trail that you can use to verify whether the configuration of a system is the same or has been modified. If someone did make a change that caused an outage, investigators can use audit logs to identify what was changed and who made the change.
Audit Info
uses multiple servers and ensures that a service will remain available, even if a server fails.
Failover clustering
is a security principle that ensures that no single person has complete control over a process.
also provide nonrepudiation.
Separation of duties / Digital signatures
A user provides credentials (such as a username and password) that are checked against a database to prove the user’s identity.
Authentication
Administrators assign rights and permissions to resources, which ??? users to access the resources.
Authorization
refers to the investigative steps that an organization takes prior to taking on something new, such as signing a contract or making a major purchase.
Due Diligence
is the practice of implementing security policies and practices to protect resources. It ensures that a certain level of protection is applied to protect against losses from known risks. The goal is to reduce the risk to the resources to a manageable level.
Due Care
is the process of users proving they are who they claim to be. A common method is by having a user provide a logon name to profess an identity and then using a password for authentication.
Authentication
??? passwords are used only once per session. Many hardware tokens generate new passwords every 60 seconds that users can enter as a one-time password.
One-time or Dynamic Password
Information that a user would know, such as the name of a first pet, a first employer, and a favorite color, is combined to create a ???.
Cognitive Password