Auditing and Wrap-Up
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Welcome back.
00:00
>> Here we are at the end of the IAAA section.
00:00
>> Remember, that stands for identification,
00:00
authentication, authorization, and auditing.
00:00
Let's go over auditing.
00:00
Whenever you hear the term compliance,
00:00
immediately think audit.
00:00
Audits are all about verifying compliance.
00:00
It could be compliance with internal policies,
00:00
external laws or regulations,
00:00
compliance with a contract or an industry standard.
00:00
But it's all about compliance.
00:00
Are we performing the processes as stated?
00:00
Are we meeting those standards?
00:00
Auditors document.
00:00
They record, they audit,
00:00
but they never correct.
00:00
They do not modify.
00:00
As a matter of fact, really,
00:00
auditor's shouldn't even necessarily provide it,
00:00
>> remediation, because that is
00:00
>> a violation of the separation of duties.
00:00
The exam is not going to get into that,
00:00
but auditors are often going to suggest remediation.
00:00
But really, auditors are only
00:00
>> going to audit and report.
00:00
>> That wraps up identity and access management.
00:00
Don't forget the four pieces of access control.
00:00
Identification is making a claim.
00:00
Authentication provides proof of your claim
00:00
>> using something you know,
00:00
>> something you have, something you are,
00:00
something you do, or somewhere you are.
00:00
Those are the main types of authentication.
00:00
The best form of authentication is multi-factor.
00:00
Authorization, what rights and permissions do you have
00:00
>> based on your identity.
00:00
>> Auditing is all about being able to test compliance.
00:00
That wraps up this chapter.
Similar Content
