ABSTRACT

◾ Understand the three types of events under an audit: system-, application-, and user-level events.
◾ Understand the objectives of a security audit.
◾ Describe security monitoring.
◾ Understand the different types of security governance metrics and describe a good metric using the “SMART” system.
◾ Describe the phases involved in a vulnerability assessment.
◾ Understand why reconnaissance is important.
◾ Describe the importance of testing systems in place to monitor or track unusual activities.
◾ Describe the term “soft targets” and the importance of protecting all systems on the network equally as opposed to only the critical systems.
◾ Understand how attackers can maintain access to a system and cover their tracks.
◾ Describe the importance of documenting and reporting.

10.1 Audit and Compliance

Auditing is the practice of checking or testing current activities against the organization’s established policies and procedures. Auditing can be done internally or externally. A security audit generally focuses on three types of events: system-, application-, and user-level events. These types of audits utilize logs that are generated by the operating system, application, or other security-related systems. The logs are used to provide a transaction history or audit trail, which is a chronological record of a system’s performance or activity. Audit trails should be sufficient to examine the sequence of events from the start of a transaction to the final results of that transaction.
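The following added example (not part of the original text) merges system-, application-, and user-level logs into one chronological audit trail per transaction and reports trails that do not run from the start of the transaction to its final result. The log format, the `txn=` correlation id, and the event names are assumptions made for the illustration, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (assumed format: <UTC time> <level> txn=<id> <event> [details]).
SYSTEM_LOG = [
    "2024-05-01T09:00:02Z system txn=1001 process_start pid=4312",
    "2024-05-01T09:00:09Z system txn=1001 process_exit status=0",
    "2024-05-01T09:05:01Z system txn=1002 process_start pid=4377",
]
APPLICATION_LOG = [
    "2024-05-01T09:00:03Z application txn=1001 transfer_begin amount=250",
    "2024-05-01T09:00:08Z application txn=1001 transfer_commit result=ok",
    "2024-05-01T09:05:02Z application txn=1002 transfer_begin amount=9000",
]
USER_LOG = [
    "2024-05-01T09:00:01Z user txn=1001 login user=alice",
    "2024-05-01T09:05:00Z user txn=1002 login user=bob",
]
START, FINAL = "transfer_begin", {"transfer_commit", "transfer_abort"}  # hypothetical event names
LEVELS = {"system", "application", "user"}

def parse(line):
    ts, level, txn, event, *details = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, level, txn.split("=", 1)[1], event, " ".join(details)

def build_trails(*logs):
    """Merge every log into one chronological trail per transaction id."""
    trails = defaultdict(list)
    for log in logs:
        for line in log:
            when, level, txn, event, details = parse(line)
            trails[txn].append((when, level, event, details))
    return {txn: sorted(events) for txn, events in trails.items()}

def gaps(trail):
    """List the reasons a trail cannot show its transaction from start to final result."""
    events = [event for _, _, event, _ in trail]
    found = []
    if START not in events:
        found.append("no start event")
    if not FINAL.intersection(events):
        found.append("no final result")
    missing = LEVELS - {level for _, level, _, _ in trail}
    if missing:
        found.append("no events from: " + ", ".join(sorted(missing)))
    return found

if __name__ == "__main__":
    for txn, trail in sorted(build_trails(SYSTEM_LOG, APPLICATION_LOG, USER_LOG).items()):
        print(txn, gaps(trail) or "complete", [event for _, _, event, _ in trail])
```

Transaction 1002 is reported because its trail begins but never records a commit or abort, which is the kind of incomplete sequence an auditor would need to follow up.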