Audit and Monitoring

This chapter explores monitoring as covered by the Systems Security Certified Practitioner (SSCP) exam. Auditing is the process by which one can ensure that a specific system, process, mechanism, or function meets a defined list of criteria. For the SSCP, the monitoring area includes those mechanisms, tools, and facilities used to identify, classify, prioritize, respond to, and report on security events and vulnerabilities. The audit function provides the ability to determine whether the system is being operated in accordance with accepted industry practices and in compliance with specific organizational policies, standards, and procedures. The logging features provided on most networks and systems record known or partially known resource event activities. While these logs are sometimes used for analyzing system problems, they are also useful to those whose duty is to process the log files and check for both valid and invalid system activities. To assist in catching mistakes and reduce the likelihood of fraudulent activities, the activities of a process should be split among several people.