Page 1251 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1251
Both statistical and nonstatistical sampling are valid
mechanisms to create summaries or overviews of large bodies of
audit data. However, statistical sampling is more reliable and
mathematically defensible.
Other Monitoring Tools
Although logs are the primary tools used with auditing, there are some
additional tools used within organizations that are worth mentioning.
For example, a closed-circuit television (CCTV) can automatically
record events onto tape for later review. Security personnel can also
watch a live CCTV system for unwanted, unauthorized, or illegal
activities in real time. This system can work alone or in conjunction
with security guards, who themselves can be monitored by the CCTV
and held accountable for any illegal or unethical activity. Other tools
include keystroke monitoring, traffic analysis monitoring, trend
analysis monitoring, and monitoring to prevent data loss.
Keystroke Monitoring Keystroke monitoring is the act of recording
the keystrokes a user performs on a physical keyboard. The
monitoring is commonly done via technical means such as a hardware
device or a software program known as a keylogger. However, a video
recorder can perform visual monitoring. In most cases, attackers use
keystroke monitoring for malicious purposes. In extreme
circumstances and highly restricted environments, an organization
might implement keystroke monitoring to audit and analyze user
activity.
Keystroke monitoring is often compared to wiretapping. There is some
debate about whether keystroke monitoring should be restricted and
controlled in the same manner as telephone wiretaps. Many
organizations that employ keystroke monitoring notify both
authorized and unauthorized users of such monitoring through
employment agreements, security policies, or warning banners at sign-
on or login areas.
