Assignment: Security Assessments

Chapter 7 of the text discusses various auditing and monitoring techniques. Write a 2-3 page APA-formatted paper (including cover page, running head, page numbers, APA headers, in-text citations and final references page) using a minimum of 2 references discussing the importance of performing regular security audits and vulnerability scans in the business environment.

Auditing, Testing, and Monitoring

When you audit a computer system, you check to see how it has performed. Simply put, when you audit a system, you see if things on the system work according to plan. Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with standards. You can audit a system manually or you can do it using automated computer software. Manual tests include the following:

• Interviewing your staff

• Performing vulnerability scans

• Reviewing application and operating system access controls

• Analyzing physical access to the systems

With automated tests, the system creates a report of any changes to important files and settings. These files and settings might relate to the operating system or to application software. Systems can include personal computers, servers, mainframes, network routers, and switches. Examples of these types of applications include software associated with access to the Internet, databases, or any resources shared by users.

Of course, long before you can audit a system, you need to create the policies and procedures that establish the rules and requirements of the system. That is, before you can determine whether something has worked, you must first define how it’s supposed to work. This is known as assessing your system. You evaluate all the components of your system and determine how each should work. This sets your baseline expectations. Once you have that, you can audit the system. You compare the system’s performance to your baseline expectations to see whether things worked as planned.
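The baseline-then-audit cycle described above can be shown with a small automated test. This is an added example, not from the textbook: it records a baseline of content hashes and permission bits for a set of important files, then reports every deviation. The file names and contents are constructed stand-ins written to a temporary directory.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(paths):
    """Record SHA-256 and permission bits for each file; None if absent."""
    state = {}
    for path in paths:
        if not os.path.isfile(path):
            state[path] = None
            continue
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        state[path] = {"sha256": digest,
                       "mode": stat.S_IMODE(os.stat(path).st_mode)}
    return state


def audit(baseline, current):
    """Compare the current snapshot to the baseline; return sorted findings."""
    findings = []
    for path, expected in baseline.items():
        actual = current.get(path)
        if expected is None or actual is None:
            if expected is not actual:
                findings.append((path, "missing" if actual is None else "appeared"))
            continue
        if actual["sha256"] != expected["sha256"]:
            findings.append((path, "content changed"))
        if actual["mode"] != expected["mode"]:
            findings.append((path, "permissions changed"))
    return sorted(findings)


def demo():
    """Constructed sample: three stand-in files, then three kinds of drift."""
    with tempfile.TemporaryDirectory() as d:
        files = {n: os.path.join(d, n) for n in ("sshd_config", "hosts", "crontab")}
        for name, path in files.items():
            with open(path, "w") as fh:
                fh.write(f"baseline contents of {name}\n")
            os.chmod(path, 0o600)
        baseline = snapshot(files.values())          # assessment: expected state
        with open(files["sshd_config"], "w") as fh:  # drift 1: content edited
            fh.write("PermitRootLogin yes\n")
        os.chmod(files["hosts"], 0o644)              # drift 2: permissions loosened
        os.remove(files["crontab"])                  # drift 3: file deleted
        report = audit(baseline, snapshot(files.values()))
        return [(os.path.basename(p), what) for p, what in report]
```

Calling `demo()` returns the audit report as a list of (file, finding) pairs; in practice the baseline would be stored somewhere the audited system cannot modify.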


