Violation Analysis
A form of auditing that uses clipping levels.
Similar items:
A threshold value used in violation analysis auditing. Crossing the clipping level triggers the recording of relevant event data to an audit log.
A violation, or imminent threat of a violation, of a security policy or practice within the organization. Computer security incidents are the result of an attack, malware infection, or inappropriate usage by employees. See incident.
<p><b>1. Initiation and planning</b><br>
At this stage, the administration initiates and plans the implementation of the
program. A C&A implementation expert lays out the documentation (including the
business case and requirement documents) and presents it to the administration
in the form of a comprehensive C&A package.<br>
</p>
<p><b>2. Certification</b><br>
At this stage, an external auditing team analyzes the C&A package and the
information security systems of the organization. The audits will include
running vulnerability scans, conducting interviews, and checking if everything
complies with the accepted standards and norms.<br>
</p>
<p><b>3. Accreditation</b><br>
In the accreditation stage, the certifying authority will review the compiled
C&A package and will also go through the recommendations put forward by the
auditing team. Before granting the accreditation, the authority will conduct its
own examination and determine whether any non-remedied risks in the system can
be accepted.<br>
</p>
<p><b>4. Periodic monitoring</b><br>
The system, the personnel, and the whole organization in general will be
monitored periodically by a team whose sole responsibility is to ensure that the
program stays operational as it should. Any risks, vulnerabilities, or threats
that might arise during the monitoring stage will also have to be dealt with by
the security enforcers of the organization.<br>
</p>
A hardware or software mechanism used to manage access to resources and systems and provide protection for them. It is the same as a technical access control. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels.
The hardware or software mechanisms used to manage access to resources and systems and provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists, protocols, firewalls, routers, IDSs, and clipping levels. The same as logical access control.