Chapter 7. Auditing, Testing, and Monitoring
WHEN YOU AUDIT A COMPUTER SYSTEM, you check to see how it has performed. Simply put, when you audit a system, you see if things on the system work according to plan. Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with standards.
You can audit a system manually or you can do it using automated computer software. Manual tests include the following:
Interviewing your staff
Performing vulnerability scans
Reviewing application and operating system access controls
Analyzing physical access to the systems
With automated tests, the system creates a report of any changes to important files and settings. These files and settings might relate to the operating ...