April 2016
Intermediate to advanced
504 pages
16h 9m
English
Content preview from The Security Risk Assessment Handbook, 2nd Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Technical Data Gathering ◾ 245
© 2011 by Taylor & Francis Group, LLC
◾ Accountability—e principle of accountability states that the additions,
modications, and deletions of critical assets need to be audited and associ-
ated with the user or process that performed the action. For each critical asset
within a critical system, an audit record should be cut when the le is viewed,
deleted, modied, or created.
e security risk assessment team should ensure that adequate audit
records are generated for access to critical assets.
◾ Avoid Single Points of Failure—A single point of failure is dened as a
resource whose loss will in turn result in the loss of a critical service. If a
single system component or resource fa