Sunday, December 21, 2014

CISSP Note(CH11 Security Operations)

QA/QC

   QA (Quality Assurance): focuses on monitoring whether the organization's or project's processes are being followed properly, and whether those processes have room for improvement.
   QC (Quality Control): focuses on measuring whether the project's deliverables meet the quality standards that were set at the outset.

Administrative Management

Separation of duties: a preventive control; it forces collusion between two or more people before anyone can commit an act that violates policy.
Job rotation: helps identify fraudulent activities, and can therefore be considered a detective type of control.
Least privilege and need to know: a subject is given only the rights it needs, and only to the information it needs, to perform its job.
Mandatory vacations: like job rotation, a detective control; fraud that depends on an employee's continuous presence tends to surface while someone else covers the role.

Clipping Levels

Predefined thresholds for the number of certain types of errors (failed logins, for example) that will be allowed before the activity is considered suspicious. Errors below the threshold are treated as normal mistakes and are not investigated; reaching it triggers logging or an alert.
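As an added example (not from the original notes), the following Python applies a clipping level to a constructed authentication log: a user who accumulates `threshold` failed logins inside a sliding `window` is flagged once, while the same number of failures spread out over a day stays below the level. The log format, the user names and the default threshold of 5 failures in 30 minutes are assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the original page). Each line is an
# ISO 8601 timestamp followed by key=value fields.
SAMPLE_LOG = """\
2014-12-21T09:00:01 user=alice src=10.0.0.5 result=FAIL
2014-12-21T09:00:05 user=alice src=10.0.0.5 result=FAIL
2014-12-21T09:00:09 user=alice src=10.0.0.5 result=OK
2014-12-21T09:10:00 user=bob src=10.0.0.9 result=FAIL
2014-12-21T09:10:02 user=bob src=10.0.0.9 result=FAIL
2014-12-21T09:10:04 user=bob src=10.0.0.9 result=FAIL
2014-12-21T09:10:06 user=bob src=10.0.0.9 result=FAIL
2014-12-21T09:10:08 user=bob src=10.0.0.9 result=FAIL
2014-12-21T09:10:10 user=bob src=10.0.0.9 result=FAIL
2014-12-21T11:00:00 user=carol src=10.0.0.7 result=FAIL
2014-12-21T12:30:00 user=carol src=10.0.0.7 result=FAIL
2014-12-21T14:00:00 user=carol src=10.0.0.7 result=FAIL
2014-12-21T15:30:00 user=carol src=10.0.0.7 result=FAIL
2014-12-21T17:00:00 user=carol src=10.0.0.7 result=FAIL
2014-12-21T18:30:00 user=carol src=10.0.0.7 result=FAIL
"""


def parse_line(line):
    """Split one log line into (timestamp, user, source address, result)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["user"], kv["src"], kv["result"]


def find_clipping_violations(log_text, threshold=5, window=timedelta(minutes=30)):
    """Return a list of (user, timestamp) for each user whose FAIL count within a
    sliding time window reaches the clipping level `threshold`. Failures below the
    threshold are tolerated as ordinary mistakes and produce no alert."""
    recent = defaultdict(deque)  # user -> timestamps of failures still inside the window
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, _src, result = parse_line(line)
        if result != "FAIL":
            continue  # successful logins do not count toward the level
        window_hits = recent[user]
        window_hits.append(ts)
        while ts - window_hits[0] > window:  # drop failures that aged out of the window
            window_hits.popleft()
        if len(window_hits) >= threshold and user not in alerted:
            alerts.append((user, ts.isoformat()))
            alerted.add(user)  # report each user once per run, not on every further failure
    return alerts


if __name__ == "__main__":
    for user, when in find_clipping_violations(SAMPLE_LOG):
        print(f"clipping level reached: user={user} at {when}")
```

With the defaults only `bob` is reported (six failures in ten seconds). `carol` also fails six times but an hour and a half apart, so she never has five failures inside a 30-minute window; widening the window to eight hours reports her too. The window is therefore as much a part of the clipping level as the count, and both need tuning against the normal error rate of the environment.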

Change Control Process

1. Request for the change
2. Approval of the change
3. Documentation of the change
4. Testing and presentation of the change
5. Implementation of the change
6. Report of the change to management

Network and Resource Availability

Mean time between failures (MTBF): the estimated lifespan of a piece of equipment, calculated by the vendor of the equipment or by a third party. The value is used to estimate approximately when a particular device will need to be replaced.
Mean time to repair (MTTR): the amount of time it is expected to take to get a failed device fixed and back into production.

RAID Levels

Penetration Testing Steps

1. Discovery: footprinting and gathering information about the target
2. Enumeration: performing port scans and resource identification methods
3. Vulnerability mapping: identifying vulnerabilities in the identified systems and resources
4. Exploitation: attempting to gain unauthorized access by exploiting the vulnerabilities found
5. Report to management: delivering documentation of the test findings to management along with suggested countermeasures
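An added example for step 2 (enumeration), not code from the original notes: a small TCP connect scanner with banner grabbing and a prefix-based service guess, run against a constructed fake service that listens on an ephemeral loopback port so the whole thing works offline. The fake service, its `SSH-2.0-OpenSSH_6.7` banner and the `BANNER_PREFIXES` table are assumptions for the example; real tooling uses far larger fingerprint databases. Only scan hosts that your written rules of engagement cover.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Hypothetical banner-to-service mapping used for resource identification
# (an assumption for this example; real scanners carry thousands of fingerprints).
BANNER_PREFIXES = {
    "SSH-": "ssh",
    "HTTP/": "http",
    "220 ": "smtp-or-ftp",
}


def start_fake_service(banner=b"SSH-2.0-OpenSSH_6.7\r\n"):
    """Constructed stand-in for a target service: listens on an ephemeral loopback
    port and sends a fixed banner to every client. Returns (port, server_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed by the caller: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def probe_port(host, port, timeout=0.5):
    """TCP connect scan of a single port. Returns (port, banner) if the port accepts a
    connection (banner may be empty), or None if it is closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128).decode("ascii", "replace").strip()
            except OSError:  # open, but the service did not volunteer a banner in time
                banner = ""
            return port, banner
    except OSError:  # ECONNREFUSED, timeout, host unreachable, ...
        return None


def identify_service(banner):
    """Map a grabbed banner to a service name using the prefix table above."""
    for prefix, name in BANNER_PREFIXES.items():
        if banner.startswith(prefix):
            return name
    return "unknown"


def scan(host, ports, workers=32):
    """Connect-scan the given ports concurrently; returns {open_port: banner}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p), ports))
    open_ports = {}
    for hit in results:
        if hit is not None:
            port, banner = hit
            open_ports[port] = banner
    return open_ports


if __name__ == "__main__":
    target_port, srv = start_fake_service()
    try:
        found = scan("127.0.0.1", range(target_port - 5, target_port + 6))
    finally:
        srv.close()
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open  service={identify_service(banner)}  banner={banner!r}")
```

A connect scan completes the TCP handshake, so every probe is visible in the target's logs and is itself the kind of activity a clipping level on connection errors is meant to catch; that is acceptable during an authorized test and is one reason the engagement window is agreed with the blue team in advance.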

Operational threats

1. Disclosure
2. Theft
3. Corruption
4. Interruption
5. Destruction
