Auditing
Difficulty
Advanced
Video Transcription
00:01
>> Now, to this point in time,
00:01
we covered the aspects of the IAAA.
00:01
We did identification, authentication, authorization
00:01
>> so the last A that we want to look at,
00:01
>> let's just look at it briefly because this
00:01
is going to come up in later chapters.
00:01
But we want to talk about auditing.
00:01
Auditing can also be used incorrectly really,
00:01
but can also be used interchangeably with accounting,
00:01
and I see that a lot.
00:01
Some folks will put the last A is auditing,
00:01
some will put accounting.
00:01
Accountability is what auditing gives us.
00:01
But it doesn't mean they're the same thing,
00:01
but so we're going to stick
00:01
>> with a more consistent term of auditing.
00:01
>> In this section,
00:01
>> just talk about auditing thing like I said,
00:01
>> at a high level so that we extend the process.
00:01
When we talk about auditing,
00:01
what we're looking to do is to ensure compliance.
00:01
We want accountability.
00:01
We want to make sure our individuals are following,
00:01
whether it's company policy,
00:01
standards, external standards,
00:01
make sure we're in compliance
00:01
>> with the laws and regulations.
00:01
>> That's what auditing is all about.
00:01
We also go back and audit internally,
00:01
just basic access to resources.
00:01
I audit and determine,
00:01
>> hey, who has access to this file or folder,
00:01
>> particularly if those files or folders
00:01
are of a significant or sensitive nature.
00:01
I will audit user accounts
00:01
and determine or try to determine,
00:01
does anybody have too many rights or privileges
00:01
>> based on their role within the organization?
00:01
>> When we talk about auditing,
00:01
our auditors are focused on compliance.
00:01
I will also mention that auditor's job is to audit,
00:01
you didn't see that coming, did you?
00:01
No, but their job is to audit,
00:01
to document, and to report.
00:01
Auditors do not fix,
00:01
they do not correct.
00:01
Also, technically, auditors shouldn't recommend
00:01
remediation strategies either because
00:01
that's a conflict of interest.
00:01
Really your auditors come in,
00:01
they conduct their assessments,
00:01
they write up their reports,
00:01
they turn those reports over to senior management
00:01
>> or whichever entity authorized the audit,
00:01
>> but never would there be
00:01
modification associated with an auditor.
00:01
Auditors don't even have write permission,
00:01
they just have read permission.
00:01
This will come up more in Chapter 6.
00:01
We just keep in mind for now,
00:01
auditing is all about compliance.