Computer Security - Exam II

The flashcards below were created by user mjweston on FreezingBlue Flashcards.

  1. security audit
    an independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliacne with established security policy and procedures, detect breaches in security services , and recommend any changes that are indicated for countermeasures
  2. security audit trail
    a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results
  3. event discriminator
    logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect
  4. audit recorder
    for each recorded event the event discriminator transmits the information to _______ , often in the form of a message or by recording the event
  5. alarm processor
    takes some action based on the alarm (which is auditable)
  6. security audit trail
    stores a formatted record of each event created by the audit recorder
  7. audit analyzer
    based on a pattern of activity, may define new auditable events which are sent to the audit recorder and may generate an alarm
  8. audit archiver
    a software module that periodically extracts records from the audit trail to create a permanent archive of auditable events
  9. archives
    a permanent store of security-related events on a system
  10. audit provider
    an application and/or user interface to the audit trail
  11. audit trail examiner
    an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, and for other analysis
  12. security reports
    human-readable reports prepared by the audit trail examiner
  13. audit trail collector
    a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail
  14. audit dispatcher
    a module that transmits the audit trail records from its local system to the centralized audit trail collector
  15. audit trail collector
    audit dispatcher
    two additional logical components needed for a distributed auditing service
  16. event discriminator
    audit recorder
    alarm processor
    security audit trail
    audit analyzer
    audit archiver
    audit provider
    audit trail examiner
    security reports
    key elements of a Security Audit and Alarms Model
  17. data generation
    event selection
    event storage
    automatic response
    audit analysis
    audit review
    six major areas of security auditing functions
  18. data generation
    identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided
  19. event selection
    inclusion or exclusion of events from the auditable set that helps to avoid the creation of an unwieldy audit trail
  20. event storage
    creation and maintenance of the secure audit trail - includes measures to provide availability and to prevent loss of data from the audit trail
  21. automatic response
    defines reactions taken following detection of events that are indicative of a potential security violation
  22. audit analysis
    provided via automated mechanisms to analyze system activity and audit data in search of security violations - uses anomaly detection and attack heuristics
  23. audit review
    as available to authorized users to assist in audit data review - may include a selectable review function, and may be restricted to authorized users
  24. system-level audit trails
    application-level audit trails
    user-level audit trails
    physical access audit trails
    categories for audit trail design
  25. system event log
    applications event log
    security event log
    three types of Windows event logs
  26. system event log
    used by applications running under system service accounts (installed system services), drivers, or a component or application that has events that relate to the health of the computer system
  27. application event log
    events for all user-level applications - is not secured, and is open to any applications
  28. security event log
    the Windows Audit Log - for exclusive use of the Windows Local Security Authority
  29. interposable libraries
    dynamic binary rewriting
    two approaches to collecting audit data from applications
  30. after an event
    periodic review
    real-time audit analysis
    timing options of when an audit trail analysis is to be done
  31. basic alerting - software gives indication that an event has occurred
    baselining - normal vs. unusual events
    windowing - detection of events within a set of parameters
    correlation - seeks for relationships among events
    four major approaches to data analysis
  32. thresholding
    a form of baseline analysis - the identification of data that exceed a particular baseline value - used to identify events, such as refused connections
  33. windowing
    detection of events within a given set of parameters, such as within a given time period or outside a given time period
  34. Security Information and Event Management system
  35. Security Information Management system
Card Set:
Computer Security - Exam II
2013-10-18 00:07:19
18 Computer Security

Security Auditing
Show Answers: