CISSP Exam Guide Notes: 6.6 Quick Tips

2021-03-23 11:09:07

  • An audit is a systematic assessment of the security controls of an information system.
  • Setting a clear set of goals is probably the most important step of planning a security audit.
  • Internal audits benefit from the auditors’ familiarity with the systems, but may be hindered by a lack of exposure to how others attack and defend systems.
  • External audits happen when organizations have a contract in place that includes security provisions. The contracting party can demand to audit the contractor to ensure those provisions are being met.
  • Third-party audits typically bring a much broader background of experience that can provide fresh insights, but can be expensive.
  • Test coverage is a measure of how much of a system is examined by a specific test (or group of tests).
  • A vulnerability test is an examination of a system for the purpose of identifying, defining, and ranking its vulnerabilities.
  • Black box testing treats the system being tested as completely opaque.
  • White box testing affords the auditor complete knowledge of the inner workings of the system even before the first scan is performed.
  • Gray box testing gives the auditor some, but not all, information about the internal workings of the system.
  • Penetration testing is the process of simulating attacks on a network and its systems at the request of the owner.
  • A blind test is one in which the assessors only have publicly available data to work with and the network security staff is aware that the testing will occur.
  • A double-blind test (stealth assessment) is a blind test in which the network security staff is not notified that testing will occur.
  • War dialing allows attackers and administrators to dial large blocks of phone numbers in search of available modems.
  • A log review is the examination of system log files to detect security events or to verify the effectiveness of security controls.
  • Synthetic transactions are scripted events that mimic the behaviors of real users and allow security professionals to systematically test the performance of critical services.
  • A misuse case is a use case that includes threat actors and the tasks they want to perform on the system.
  • A code review is a systematic examination of the instructions that comprise a piece of software, performed by someone other than the author of that code.
  • Interface testing is the systematic evaluation of a given set of exchange points for data between systems and/or users.
  • Administrative controls are implemented primarily through policies or procedures.
  • Privileged user accounts pose significant risk to the organization and should be carefully managed and controlled.