Chapter 7. Auditing, Testing, and Monitoring

WHEN YOU AUDIT A COMPUTER SYSTEM, you check to see how it has performed. Simply put, when you audit a system, you see if things on the system work according to plan. Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with standards.

You can audit a system manually or you can do it using automated computer software. Manual tests include the following:

  • Interviewing your staff

  • Performing vulnerability scans

  • Reviewing application and operating system access controls

  • Analyzing physical access to the systems

With automated tests, the system creates a report of any changes to important files and settings. These files and settings might relate to the operating ...
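The kind of automated change report described above can be sketched as a baseline-and-compare check. This is an added example, not code from the book; the function names `snapshot`, `audit` and `demo` and the sample files are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (SHA-256 digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISREG(info.st_mode):  # skip symlinks and special files
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[os.path.relpath(path, root)] = (digest, stat.S_IMODE(info.st_mode))
    return state

def audit(baseline, current):
    """Return sorted (path, finding) pairs describing drift from the baseline."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        if path not in current:
            findings.append((path, "removed"))
        elif path not in baseline:
            findings.append((path, "added"))
        else:
            for i, label in enumerate(("content changed", "permissions changed")):
                if baseline[path][i] != current[path][i]:
                    findings.append((path, label))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample config tree
        def write(name, text, mode=0o644):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
            os.chmod(os.path.join(root, name), mode)
        write("sshd_config", "PermitRootLogin no\n")
        write("hosts", "127.0.0.1 localhost\n")
        write("motd", "Authorized use only\n")
        baseline = snapshot(root)  # taken while the system is known-good
        write("sshd_config", "PermitRootLogin yes\n")  # setting changed
        write("hosts", "127.0.0.1 localhost\n", mode=0o666)  # now world-writable
        os.remove(os.path.join(root, "motd"))
        write("cron.allow", "root\n")  # file that was not in the baseline
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The baseline is only as trustworthy as where it is stored: keep it off the audited system or otherwise write-protected, so that whoever changes a file cannot also update the record of what it should be.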
