Retrieved from https://studentshare.org/information-technology/1605837-goals-of-auditing-and-risk-management
The people involved in this process are certified practitioners, as they dig into applications connected to a networked environment for known and unknown threats. Organizations are now adding an extra layer of defense against intelligent threats that are now called advanced persistent threats. One example of this added security is the inclusion of an intrusion detection system that continuously monitors anomalies on the network. The auditor must incorporate reviews of the culprit's activity from the World Wide Web, remote connections, real-time applications performing financial transactions, and interaction with the intranet, i.e. the inbound network.
Moreover, code audits are very important because vendors cannot be completely trusted, and patches along with security updates must be tested prior to deploying them to the live environment. Furthermore, testing documentation with standardized practices is also essential in this regard. Configuration management has a lot to offer, as it strongly contributes to the process of securing applications and shows configuration items that may conflict with each other, resulting in a vulnerability being exposed to cyber criminals.
In addition, change management practices will primarily ease the auditor's tasks, as all the related documentation must be reviewed in light of the current scenario. Today, advanced persistent threats are using specialized code that is capable of bypassing the firewall as well as updated antivirus programs. Passive attacks utilize a script with techniques such as obfuscation, polymorphism and encryption (Gharibi & Mirza, 2011). All these techniques are used for making the detection mechanism fail, resulting in a successful security