CHAPTER 7: Auditing, Testing, and Monitoring
PLANNING FOR SECURE SYSTEMS doesn’t stop once you’ve deployed controls. If you really want to protect yourself from data breaches, you have to make sure you’re ready for any type of attack. To do that, you evaluate your systems regularly. One crucial type of evaluation to avoid a data breach is a security audit. When you audit a computer system, you check to see how its operation has met your security goals. Simply put, when you audit a system, you see if things on the system work according to plan. Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with requirements.
You can audit a system manually or you can do it using automated computer ...
Get Fundamentals of Information Systems Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.