Chapter 7. Auditing, Testing, and Monitoring
WHEN YOU AUDIT A COMPUTER SYSTEM, you check to see how it has performed. Simply put, when you audit a system, you see if things on the system work according to plan. Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with standards.
You can audit a system manually or you can do it using automated computer software. Manual tests include the following:
Interviewing your staff
Performing vulnerability scans
Reviewing application and operating system access controls
Analyzing physical access to the systems
With automated tests, the system creates a report of any changes to important files and settings. These files and settings might relate to the operating ...
Get Fundamentals of Information Systems Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.