Fatskills
Study Guide: SSCP: 10. Auditing and Management Processes
Source: https://www.fatskills.com/systems-security-certified-practitioner-sscp/chapter/sscp-10-auditing-and-management-processes


By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


Auditing is an important component of enforcing accountability. When an organization implements strong authentication and authorization methods, administrators and security personnel can use auditing methods to track user activity and hold individuals accountable for their activity. Most auditing methods use clipping levels to generate alerts only when the system detects that the number of events exceeds a predetermined threshold. The auditing system ignores events that don’t meet the threshold. Together, logs create an audit trail that administrators and security professionals can use to reconstruct the events that occurred leading up to and during an incident.
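
A clipping level applied to failed logons, as an added example that is not part of the original study guide. The log format, the LOGON_FAILURE event name, the level of 3 and the 5-minute window are assumptions chosen for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event); not from any real system.
SAMPLE_LOG = """\
2024-05-01T09:00:05 alice LOGON_FAILURE
2024-05-01T09:00:40 bob LOGON_FAILURE
2024-05-01T09:01:10 alice LOGON_FAILURE
2024-05-01T09:01:30 alice LOGON_SUCCESS
2024-05-01T09:02:00 mallory LOGON_FAILURE
2024-05-01T09:02:20 mallory LOGON_FAILURE
2024-05-01T09:02:45 mallory LOGON_FAILURE
2024-05-01T09:03:05 mallory LOGON_FAILURE
2024-05-01T09:03:30 mallory LOGON_FAILURE
2024-05-01T09:30:00 bob LOGON_FAILURE
"""

def clipping_alerts(log_text, event="LOGON_FAILURE", clipping_level=3,
                    window=timedelta(minutes=5)):
    """Return (timestamp, user, count) alerts when a user's count of `event`
    within `window` exceeds `clipping_level`; lower counts are ignored."""
    recent = defaultdict(deque)   # user -> timestamps of in-window events
    alerted = set()               # users currently above the clipping level
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != event:
            continue              # malformed line, or an event we do not clip
        ts, user = datetime.fromisoformat(parts[0]), parts[1]
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop events that fell out of the window
        if len(q) > clipping_level:
            if user not in alerted:   # one alert per burst, not one per event
                alerted.add(user)
                alerts.append((parts[0], user, len(q)))
        else:
            alerted.discard(user)     # back under the level: re-arm the alert
    return alerts

if __name__ == "__main__":
    for ts, user, count in clipping_alerts(SAMPLE_LOG):
        print(f"ALERT {ts} {user}: {count} failures within window")
```

The events below the level (alice's two failures, bob's widely spaced ones) raise no alert but remain in the log, so they are still available when reconstructing the audit trail.
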
Many different types of audit logs exist. Operating system logs record events on individual systems. These include security logs, system logs, and application logs. Security logs record security events, such as when a user accesses a file. System logs record system events, such as when a service stops or starts. Application logs record application events based on the needs of the application. Proxy logs and firewall logs record activity through proxy servers and firewalls, respectively. An important step related to logs is to review them on a regular basis.
Security audits examine an organization’s practices and operations to determine whether they conform to existing policies or applicable laws. Audits are often required to ensure that an organization is complying with specific external requirements (such as PCI DSS) or laws (such as HIPAA), and internal audits show an attempt to comply with these external requirements. In some situations, organizations are required to hire external auditors to perform audits.
Configuration control ensures that systems are configured using a baseline. This ensures that systems are configured in a secure manner and that configuration is similar (if not identical) for similar systems. Imaging is a common method used to deploy systems with similar needs and configuration requirements. Change management helps prevent unauthorized changes resulting in unintended outages, while also identifying potential security impacts.


