The All.Net Security Database


Audit Cross Reference


Technologies and issues that are part of the audit process.

Audit is the means by which management gets necessary feedback about the effectiveness of controls. For this reason, internal audit is normally a top-level management function, and external audit is normally performed at the ongoing request of top management as an independent verification that internal audit is doing the job properly.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods

Process:
  • Prevention
  • Detection
  • Reaction

Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control

Other:
  • Risk Management
  • Database Description

Domain:
  • Physical
  • Informational
  • Systemic

Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread

Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization

Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission

Brekne's Causal:
  • Accidental
  • Malicious

Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense135 - alarms]
    [Defense62 - analysis of physical characteristics]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense29 - auditing]
    [Defense35 - awareness of implications]
    [Defense5 - background checks]
    [Defense57 - change management]
    [Defense105 - Chinese walls]
    [Defense49 - classifying information as to sensitivity]
    [Defense120 - clear line of responsibility for protection]
    [Defense123 - compliance with laws and regulations]
    [Defense94 - concealed services]
    [Defense58 - configuration management]
    [Defense96 - content checking]
    [Defense99 - deceptions]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense118 - document and information control procedures]
    [Defense18 - encryption]
    [Defense38 - financial situation checking]
    [Defense44 - hard-to-guess passwords]
    [Defense102 - independent computer and tool use by auditors]
    [Defense109 - independent control of audit information]
    [Defense119 - individual accountability for all assets and actions]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense79 - inventory control]
    [Defense53 - known-attack scanning]
    [Defense31 - misuse detection]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense66 - noise injection]
    [Defense22 - out-of-range detection]
    [Defense69 - path diversity]
    [Defense36 - periodic reassessment]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense104 - protection of data used in system testing]
    [Defense122 - protection of names of resources]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense51 - secure design]
    [Defense4 - sensors]
    [Defense40 - separation of duties]
    [Defense41 - separation of function]
    [Defense27 - standards]
    [Defense1 - strong change control]
    [Defense52 - testing]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense97 - trusted system technologies]