Section 13.114 Internal Audits and Assessments Flashcards

Objective 5.5 Explain types and purposes of audits and assessments

1
Q

Internal Audits

A

Systematic evaluations conducted by an organization’s own audit team to assess the effectiveness of internal controls, compliance with regulations, and the integrity of information systems and processes

Internal audit focus areas:
● Data protection
● Network security
● Access controls
● Incident response procedures

Examples of internal audit focus areas:
● Password policies - align with best practices
● User access controls

2
Q

Internal Audit Process

A

● Reviewing policies and procedures

● Examining access rights

● Testing effectiveness of controls

● Findings documented for recommendations and improvements

3
Q

Concepts in Internal Audits

Compliance Requirements

A

Ensuring that information systems and security practices meet established standards, regulations, and laws

○ Compliance is essential for protecting sensitive data and avoiding legal penalties

○ Internal audits may be required for compliance with specific laws or regulations

4
Q

Audit Committee

A

A group, often comprising members of a company’s board of directors, that oversees audit and compliance activities

Responsibilities:
■ Reviewing financial reporting
■ Internal controls
■ Internal and external audits
■ Legal and regulatory compliance

Addresses issues raised by auditors

5
Q

Internal Assessments

A

An in-depth analysis to identify and assess potential risks and vulnerabilities in an organization’s information systems

■ Commonly performed before implementing new systems or making significant changes to existing ones

6
Q

Self Assessments

A

Internal evaluations assessing compliance with specific standards or regulations

■ Vulnerability assessments, threat modeling exercises, and risk assessments are part of internal assessments

7
Q

Internal Assessment Process

Threat Modeling Exercise

A

○ Identifies potential threats to applications (e.g., SQL injection, XSS, DoS attacks)

8
Q

Internal Assessment Process

Vulnerability Assessment

A

○ Uses automated scanning tools and manual testing techniques to identify known vulnerabilities and code weaknesses

9
Q

Internal Assessment Process

Risk Assessment

A

○ Evaluates the potential impact of identified threats and vulnerabilities, considering:

■ Likelihood
■ Potential damage
■ Cost of security measures

10
Q

Internal Assessment Process

Mitigation Strategies

A

○ Recommendations to address risks and vulnerabilities

○ Code fixes

○ Additional security controls

○ Architectural changes
