Professional Documents
Culture Documents
IT E&a-Lecture 2 Students Ver
IT E&a-Lecture 2 Students Ver
AUDITING Lecture 2
PRACTICE QUESTIONS
Deloitte
Asset: ?
Threat: ?
Vulnerability: ?
Independent Audits
• Independent audits are outside of the customer‐supplier
influence
• Third‐party independent auditors are relied on for licensing,
certification, or product approval
• A simple example is independent consumer reports. E.g., ISO-
27001 (Managing Information Security)/27007 (Managing ISMS
audit program)
These represent the lowest level and most successful area for breach by
hackers, configuration failures, and technical faults
Within technical interfaces are incredible numbers of invisible vulnerabilities,
many of which are documented in the US National Vulnerability Database
(NVD.NIST.org)
E.g., you may ask the simple question of how the changing of privileged
passwords is handled, yet the common answer of root or admin neglects
changing the other 30 to 40 passwords for program‐to‐program, BIOS, boot, and
interface access, which have full root‐/admin‐level privileges and are published
worldwide in vendor installation manuals and are available online to the public