Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
Access to configuration files is restricted is the most important aspect for an IS auditor to verify when evaluating an organization's firewall. Unauthorized access to these files can lead to misconfigurations or intentional changes by malicious actors, which can compromise the firewall’s effectiveness and expose the network to security threats. Maintaining the integrity and security of configuration files is critical to ensure the firewall operates as intended and protects the organizational network.
B. Access to configuration files is restricted.
Access to configuration files being restricted is critical for maintaining the security and integrity of the firewall configuration. Unauthorized access to firewall configuration files could lead to misconfigurations, vulnerabilities, or intentional changes by malicious actors, compromising the effectiveness of the firewall and potentially exposing the organization's network to security risks.
The most important thing for an IS auditor to verify when evaluating an organization’s firewall is that the logs are being collected in a separate protected host. Logs are records of events or activities that occur on a system or network, such as connections, requests, responses, errors, and alerts. Logs can provide valuable information for auditing, monitoring, troubleshooting, and investigating security incidents. However, logs can also be tampered with, deleted, or corrupted by attackers or insiders who want to hide their tracks or evidence of their actions. Therefore, it is essential that logs are stored in a separate host that is isolated and secured from the network and the firewall itself, to prevent unauthorized access or modification of the logs.
Log collection itslelf means nothing.. Someone needs to review, someone needs to act. Access to conf files is more important, you can change settings, how fw operates, to which syslog the logs are sent to etc.
its more dangerous to be able to tamper with configuration files than logs. answer is B
A is important but B is MOST important. So I say B