Exam 18: Security Auditing

A _______ is conducted to determine the adequacy of system controls,ensure compliance with established security policy and procedures,detect breaches in security services,and recommend any changes that are indicated for countermeasures.

The ______ repository contains the auditing code to be inserted into an application.

Windows allows the system user to enable auditing in _______ different categories.

With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.

The audit _______ are a permanent store of security-related events on a system.

_________ is a form of auditing that focuses on the security of an organization's IS assets.

Security auditing can:

The basic audit objective is to establish accountability for system entities that initiate or participate in security-relevant events and actions.

Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.

A _________is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation,procedure,or event in a security-relevant transaction from inception to final results.

________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.

______ is the process of defining normal versus unusual events and patterns.

_________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system.

The first order of business in security audit trail design is the selection of data items to capture.

A _______ is an independent review and examination of a system's records and activities.

According to ISO 27002,the person(s)carrying out the audit should be independent of the activities audited.

Messages in the BSD syslog format consist of three parts: PRI,Header,and ___.

Although important,security auditing is not a key element in computer security.

Severe messages,such as immediate system shutdown,is a(n)_____ severity.

Event and audit trail analysis software,tools,and interfaces may be used to analyze collected data as well as for investigating data trends and anomalies.