The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer

4.2. Identification, Authentication, and Authorization

Whether you are reviewing systems, applications, or networks, one of your top priorities will be the interface points with the user. The majority of risk will always lie with the people who will be using the information systems that you are evaluating. People do not always follow rational processes and cannot be depended upon to follow policies and rules at all times. Our fallible human nature makes us naturally curious beings who often want to explore our environment, sometimes beyond where we have permission to go. Systems, on the other hand, are predictable and will follow the rules given to them. When an error occurs, it can be reproduced because the same thing will happen again, absent human intervention.

As you go about evaluating the human interface to systems, you will need to be aware of the security-related characteristics of the individuals and their usage patterns. This starts with "... just exactly who is this person anyway?" The user's identity is the key aspect of access that must be focused on first and foremost in the security evaluations. Unauthorized access usually begins with identity theft or masquerading as someone you are not. The escalation of privileges, social engineering, and physical theft, for that matter, are all identity issues at their root. Privileges are associated with individuals. There is an implicit assumption that the individual is who they say they are at the point in the process where ...
