Chapter 10 - Auditing, Testing, and Monitoring

Question 1

Security auditing is…

Answer 1

crucial to avoid data breaches

Question 2

Auditing a computer system involves…

Answer 2

checking to see how its operation has met security goals

Question 3

Audits can be…

Answer 3

manual or automated
narrow in scope or encompass the entire organization

Question 4

Assessing a system

Answer 4

defining how a system is supposed to work

Question 5

The first step in the auditing process, before we can even begin is…

Answer 5

assessing the system

Question 6

Purpose of audits

Answer 6

• evaluate appropriate security levels
• ensure that controls are correctly installed and working well
• ensure that controls are effective in addressing the risk they were assigned to address

Question 7

Steps in the security review cycle

Answer 7

1. monitor
2. audit
3. improve
4. secure

Question 8

Monitor

Answer 8

review and measure all controls

Question 9

Audit

Answer 9

Review the logs and overall environment analyze how well policies and controls are working

Question 10

Improve

Answer 10

include proposals to improve the security program and controls in the audit results

Question 11

Secure

Answer 11

ensure that new and existing controls work together to protect the intended level of security

Question 12

Security policy should…

Answer 12

define acceptable and unacceptable actions

Question 13

Promiscuous

Answer 13

everything is allowed

Question 14

Permissive

Answer 14

anything not specifically prohibited is allowed

Question 15

Prudent

Answer 15

a reasonable list of things is permitted and all others are prohibited

Question 16

Paranoid

Answer 16

very few things are permitted and all others are prohibited and carefully monitored

Question 17

Service Organization Control (SOC)

Answer 17

a framework that defines scope and contents of three levels of audit reports

Question 18

SOC 1

Answer 18

an audit report focused on a service organization’s internal controls relevant to their clients’ financial reporting

Question 19

SOC 2

Answer 19

an audit report that focuses on the security and privacy of an organization’s information systems

Question 20

SOC 3

Answer 20

a general-use, public-facing version of a more detailed SOC 2 report, designed to reassure customers about an organization’s security

Question 21

Benchmark

Answer 21

the standard to which a system is compared to determine whether it is securely configured

Question 22

Example of a benchmark

Answer 22

the NIST cybersecurity framework

Question 23

How can we collect data for our audit?

Answer 23

questionnaires, interviews, observation, etc.

Question 24

Steps of an audit

Answer 24

Planning, fieldwork, reporting, and follow-up

Question 25

Step 1. planning

Answer 25

Define the audit plan and the scope of the audit

Question 26

Step 2. fieldwork

Answer 26

Analyze how well controls are working

Question 27

Step 3. reporting

Answer 27

create audit logs and other reports

Question 28

Step 4. follow up

Answer 28

review actions taken and determine whether issues outlined in the audit report have been solved.

Question 29

Event logs

Answer 29

document general operating system and application software events

Question 30

Access logs

Answer 30

document access requests to resources

Question 31

Security logs

Answer 31

document security-related events

Question 32

Audit logs

Answer 32

defined events that provide additional input to audit activities

Question 33

Security Information and event management system (SIEM)

Answer 33

helps organizations manage log files by providing a common platform to capture and analyze entries from firewall, intrusion detection, and database server logs

Question 34

The SIEM..

Answer 34

- Standardizes data - Produces visualizations of data - Monitor user activity and ensure that users act in a way that is in line with company policies

Question 35

IDs

Answer 35

a control that identifies abnormal traffic

Question 36

IPs

Answer 36

actively block malicious traffic

Question 37

System hardening

Answer 37

Turn off or disable unnecessary services and protect the ones that are still running

Question 38

Black-box testing

Answer 38

uses test methods that aren't based directly on knowledge of a program's architecture or design

Question 39

White-box testing

Answer 39

based on knowledge of the application's design and source code

Question 40

Grey-box testing

Answer 40

lies somewhere between black-box and white-box testing